• Written by Margaret Riley, Professor of Law, Public Health Sciences, and Public Policy, University of Virginia

When President Trump was hospitalized with COVID-19, his doctor pointed to “HIPAA rules and regulations[1]” as the reason he couldn’t speak more freely about Trump’s condition. HIPAA is a medical privacy law, but people often misunderstand what it does and doesn’t do.

Margaret Riley is a law professor at the University of Virginia[2] who specializes in health law. She spends a lot of time teaching future lawyers and medical professionals how medical privacy laws work. Here are the basics.

1. What is HIPAA and why did Congress pass it?

The Health Insurance Portability and Accountability Act’s[3] Privacy Rule is a federal law that went into force in 2003[4]. The need for such a law had been underscored when tennis star Arthur Ashe’s HIV status was revealed publicly[5] and country music star Tammy Wynette’s health records were sold[6] to tabloids for a few thousand dollars. People were also starting to worry about genetic privacy. And Congress recognized that the internet would make it easier for health care privacy breaches to occur.

The law prohibits health care providers and businesses and people working with them – including administrative staff, laboratories, pharmacies, health insurers and so on – from disclosing your health information without your permission. That includes information about your COVID-19 symptoms and test results – though there are some exceptions.

2. Is all my medical info protected by HIPAA?

No, HIPAA protects only health care information that is held by specific kinds of health care providers. For example, health care data that may be on your Apple Watch or Fitbit are usually not covered by HIPAA. Similarly, genetic data you enter on websites like are not covered by HIPAA.

Even some apps that do things like help you maintain your blood sugar may not be covered by HIPAA if you aren’t using them at the direction of your health care provider. Other laws or agreements like the privacy disclosures required on many apps (although many people don’t read them[7]) may protect that information, but HIPAA does not.

Employers are generally not covered health providers, so HIPAA does not apply to them. If necessary to protect others, your work could share that you have an illness. That said, other laws like the Americans with Disabilities Act may prevent your employer from disclosing identifiable health information about you that you may have shared with them.

3. Who can disclose what under HIPAA?

HIPAA gives you the right to control your health information disclosures so you can tell your health care provider what to share.

For example, you may be willing to have your health care provider share some of your health information with family members, but you might not want to share all of it; you can tell your health care provider not to share any stigmatizing information or procedures that your family might not know about. You need to be very clear with your health care provider if you want to exclude some information. Some disclosures, like sharing psychotherapy notes or giving your data to marketing companies, require written authorization.

Sometimes people try to use HIPAA as an excuse for actions that it doesn’t in fact cover. In 2020, for instance, some people confronted with rules about wearing masks in stores asserted that they didn’t need to wear one and didn’t need to explain why because of HIPAA[8]. That’s not actually how this privacy law works.

[Image: exterior of a medical center with a mask sign. Caption: Even during the pandemic, your personal medical information is largely protected. Credit: Spencer Platt/Getty Images News via Getty Images[9]]

4. Could my health care provider be required to disclose any of my info without my permission?

There are exceptions[10] to HIPAA’s nondisclosure requirements. For example, HIPAA regulations allow covered health care providers to disclose patient information to help treat another person, to protect public health and for certain law enforcement purposes.

There are additional exceptions that apply during a pandemic. For instance, while health departments may have access to information about people in their district who’ve tested positive for COVID-19, HIPAA and other privacy laws require them not to release any more information than is needed to keep people safe. So, health departments will provide information about how many people have tested positive and how many people are hospitalized, but they won’t release any names to the general public. Health department contact tracers may reveal identities of individuals if it’s really necessary to alert specific people that they may have been exposed.

HIPAA covers President Trump just as it does you and me. There may be good reasons that people want to know more about the president’s health, but his health providers can provide the public only with information about his health that he has allowed them to share. They shouldn’t say anything that isn’t true, but they can certainly omit information.

5. What if someone violates my rights under HIPAA?

Only the government can bring a claim if an individual’s protected health information is breached. So to bring a federal claim, you would need to work with the Office of Civil Rights at the U.S. Department of Health and Human Services. You may be able to sue under state law and use the breach of your HIPAA rights as evidence.

Some people who are particularly worried about their privacy may ask health care providers to sign a nondisclosure agreement that gives them additional claims and the right to sue directly if there is a breach.

Metropolitan republishes selected articles from The Conversation USA with permission
