HIPAA, the most comprehensive and as of now, the only truly Pan-American federal statute on health information, is unfortunately, still a target of misconceptions and myths. In particular, the Privacy Rule, which is the cornerstone of HIPAA's rule on confidentiality of patient information, offers room for many misconceptions.
A common HIPAA Privacy Myth relates to the communication of mails between the patient and the physician. It is a common misconception that since the Privacy Rule is about ensuring the patient's privacy; it disallows email communication between the doctor and the patient. HIPAA Privacy Rule does allow this form of communication, so that the requisite safeguards are built into the communication aimed at ensuring the confidentiality and integrity of the mails.
Another of the common HIPAA Privacy Myths pertains to the transmission of patient information from one healthcare facility to another. Fact is, no permission is required for Covered Entities to disclose patient information from one clinic to another. The Covered Entity can also share Protected Health Information about the patient for legitimate purposes without the patient's consent or knowledge.
Many people tend to believe that the HIPAA Privacy Rule is a tangled web of regulations that are so complex and painstaking in terms of the administrative detail that implementation of the HIPAA Privacy Rule on a national scale is going to burn a hole in the national exchequer. This is completely untrue. On the contrary, over the years, implementation of the HIPAA Privacy Rule has been bringing down the administrative costs quite significantly, resulting in saving of a few billion dollars in the long run on administrative tasks like transactions.
One more HIPAA Privacy Myth relates to sharing of directory information about the patient. A common misconception is that a hospital cannot list a patient in its directory and cannot share this information with the public. It can, unless the patient wills otherwise. The directory information, consisting of the patient's name, location and general condition, can be shared with those who ask for it, but only with the patient's consent. If the patient instructs the healthcare center to stop sharing this information, the hospital has to stop sharing it.