Federal health privacy regulations, commonly known as the Health Insurance
Portability and Accountability Act (HIPAA) regulations, came into effect in
April 2003. Many clinicians and institutions have relied on consultants and
risk managers to tell them how to implement these regulations. Much of the
controversy and confusion over the HIPAA regulations concerns so-called incidental
disclosures. Some interpretations of the privacy regulations would limit essential
communication and compromise good patient care. This article analyzes misconceptions
regarding what the regulations say about incidental disclosures and discusses
the reasons for such misunderstandings. Many misconceptions arise from gaps
in the regulations. These gaps are appropriately filled by professional judgment
informed by ethical guidelines. The communication should be necessary and
effective for good patient care, and the risks of a breach of confidentiality
should be proportional to the likely benefit for the patient’s care.
The alternative for communication should be impractical. We offer specific
recommendations to help physicians think through what incidental disclosures
in patient care are ethically permissible and what safeguards ought to be
taken. Physicians should work with risk managers and practice administrators
to develop policies that promote good communication in patient care, while
taking appropriate steps to protect patient privacy.