top | item 38616853

(no title)

alexwilde | 2 years ago

The article covers this:

The Health Insurance Portability and Accountability Act, or HIPAA, regulates how health information is used and exchanged among “covered entities” such as hospitals and doctor’s offices. But the law gives pharmacies leeway as to what legal standard they require before disclosing medical records to law enforcement.

discuss

dragonwriter|2 years ago

HIPAA law and implementing regs include broad allowances for disclosure to law enforcement, some of which involve some degree of subjective judgement on the part of the covered entity (and most of which do not require a warrant), but, no, it does not allow pharmacies (or any other covered entities) "leeway as to what legal standard they require" (emphasis added) before such disclosure.

See, generally, https://www.hhs.gov/hipaa/for-professionals/faq/505/what-doe... and the regulations cited therein.

yold__|2 years ago

I work in this space, and your comment is completely wrong. Data covered by HIPAA is always covered by HIPAA. A covered entity would also include a health insurer, and all payment intermediaries, this is straight from the HHS faq (https://www.hhs.gov/hipaa/for-professionals/faq/covered-enti...)

alexwilde|2 years ago

Did you read the article? I've read through what you've linked as well as this page: https://www.hhs.gov/hipaa/for-professionals/faq/190/who-must...

I'm not seeing anything that explicitly calls out Pharmacies.

bonestamp2|2 years ago

Wow, that's a gaping privacy loophole.

dekhn|2 years ago

HIPAA was never a law about privacy of medical data. It's a law that governs the management of medical data, with very limited protections for privacy. I think most people misunderstand that law, its purpose, and its implications.

ThinkingGuy|2 years ago

The P in HIPAA stands for "Portability," not "Privacy."