CONFIDENTIALITY OF HEALTH INFORMATION
The confidentiality of your health information is protected by federal and State law.
The Health Insurance Portability and Accountability Act (HIPAA) regulates certain entities in
their handling and use of your medical information.
Who is regulated?
HIPAA regulates entities called covered entities. Covered entities are:
Health plans, which are individual or group plans that provide or pay the cost of medical care;
Health care clearinghouses, which are third-party intermediaries between providers of healthcare and those who pay for healthcare; and
Health care providers, which are persons who provide medical or health services, and any other person or organization who furnishes, bills, or is paid for health care services.
What Information Is Protected?
HIPAA regulates the use and disclosure of individuals’ health information and gives you
rights to access your medical record and to keep your information private. HIPAA
protects all “individually identifiable health information” held or transmitted by a covered
entity, in any form or media, whether electronic, paper, or oral.
“Individually identifiable health information” is information, including demographic data,
that relates to:
The individual’s past, present, or future physical or mental health condition
The provision of health care to an individual;
The past, present, or future payment for the provision of health care to the individual;
Any information that identifies the individual or for which there is a reasonable basis to believe the information can be used to identify the individual.
HIPAA does not protect individually identifiable health information:
In education records covered by the Family Education Rights and Privacy Act (FERPA);
In employment records held by a covered entity in its role as employer; and
Regarding a person who has been deceased for more than 50 years.
What medical information do employers have to keep confidential?
The Americans with Disabilities Act (ADA) requires employers to keep medical information of applicants and employees confidential. However, the ADA’s confidentiality provision applies to medical information the employer learned from medical examinations and medical inquiries. It does not protect medical information that has been made public or disclosed by the employee to the employer when the employer is not making a medical inquiry. Self-disclosures such as posting medical information on social media or disclosing medical information to your employer when your employer has not made a medical inquiry remove the confidentiality protection.
Wisconsin law is more stringent than the protections afforded by HIPAA and protects the confidentiality of your medical records. Wis. Stat. § 146.82(1). However, the law provides for several exceptions to facilitate the efficient provision of and payment for health care. Your medical information may be shared for the purposes of treatment, health care operations, payment, and for preventing a serious and imminent threat to a person, or the public’s health or safety.
If you believe your confidential health information has been wrongfully accessed or disclosed without your consent, please contact Zimmer & Rens LLC to discuss your options for enforcing your rights. Depending on your circumstances, you may be able to bring a claim seeking financial compensation.