
Myths About HIPAA

There are several common myths about HIPAA (Health Insurance Portability and Accountability Act) violations that often lead to confusion. Here’s a breakdown of the most prevalent myths—and the truth behind them:

Myth 1: “Any sharing of patient info is a HIPAA violation.”

Truth:
HIPAA permits sharing of protected health information (PHI) for treatment, payment, and healthcare operations without patient authorization.
Example: A doctor consulting another specialist about a patient’s condition is allowed under HIPAA.

Myth 2: “Only healthcare providers can violate HIPAA.”

Truth:
HIPAA applies to:

  • Covered entities: healthcare providers, plans, and clearinghouses.
  • Business associates: third parties handling PHI on behalf of covered entities (e.g., billing companies, IT vendors).

Anyone in these roles can violate HIPAA.

Myth 3: “If there’s no patient name, it’s not a violation.”

Truth:
Removing just the name is not enough. PHI includes 18 identifiers (e.g., birth date, address, phone number, medical record number). De-identification must remove or code all of these to avoid a violation.

Myth 4: “Talking to a patient’s family is always a violation.”

Truth:
HIPAA allows providers to share relevant PHI with family, friends, or others involved in the patient’s care—if the patient consents or doesn’t object when given the opportunity.

Myth 5: “Employees can’t be fired for HIPAA violations.”

Truth:
Yes, they can. HIPAA violations often result in disciplinary action, up to and including termination, depending on the severity and intent.

Myth 6: “HIPAA prevents schools or employers from asking about COVID-19 or vaccines.”

Truth:
HIPAA doesn’t apply to most employers or schools when asking for vaccine or health info. It applies to healthcare providers and their partners, not general information gathering by non-covered entities.

Myth 7: “You need a patient’s written consent for everything.”

Truth:
Written consent is not required for many routine uses and disclosures of PHI related to treatment, payment, and healthcare operations. It’s required for non-routine uses like marketing or sharing with third parties.

HIPAA laws are complicated and oftentimes misunderstood. Let the professionals at McShane & Brady guide you and help you get the compensation you deserve.

Contact your Kansas City HIPAA attorneys at 816-888-8010.