(WXYZ) — Breaking HIPAA rules is not only a serious matter with someone's employer, it could result in criminal charges and penalties, including anything from a fine to prison.
"There is nothing more private than what you talk about with your doctor or other health care providers," said attorney Jim Rasor.
Most of us think health information should not only be private but also protected, and that's where HIPAA comes in. The federal government put the Health Insurance Portability and Accountability Act in place to ensure you have rights over your own health information.
"HIPAA means that you are in control of your medical information. HIPAA means that you can tell them not to send it to certain doctors, that you can tell them only to allow your other doctor, one other specialist to see it. They don't have to give that information out to everyone," said Rasor.
"My wife's in the medical field, and she cannot even talk to me about anything that goes on in the clinics she supervises," said John Loria.
Those who must by law comply with HIPAA rules are health providers, including psychologists, dentists and pharmacists; health insurance companies, including Medicare and Medicaid; and clearinghouses and business associates, which can be third parties that help process your health information, including claims.
And according to the HIPAA Journal, if HIPAA privacy rules are broken, not only could the person or people involved lose their jobs, they could face criminal charges, fines and imprisonment, especially if a health care worker went rogue, obtaining your health information for personal gain.
"It is an egregious violation when any information is released to strangers, third parties, people with an ax to grind. In most of the cases, it winds up getting into the hands of either your ex spouse's new significant other, or your ex spouse, and then it winds up online," said Rasor.
On WXYZ's Facebook page, we asked you for your questions about HIPAA, and one person asked, "why does my husband have to wear a mask at work and all the vaxxed get to wear a sticker? Isn’t that a violation of HIPAA?"
But according to the HIPAA Journal, the federal privacy rule does not apply to this situation, because HIPAA pertains to health care providers and other HIPAA covered entities.
"I think a lot of people don't understand HIPAA, the rights they have under HIPAA," said Loria.
Someone else asked, "what has happened to the HIPAA law? How can everyone have the right to ask if we’ve been vaccinated, doesn’t that fall under the HIPAA law? How are employers able to confirm whether or not employees have been vaccinated?? All these are personal medical questions!??"
"The fact is that you do not have to provide your employer anything. But the counter fact is, is that if you don't provide it to them, they might fire you, and you won't have any recourse," said Rasor.
And according to Steve Alder of the HIPAA Journal, asking about vaccine status would not violate HIPAA. And while the privacy rule does not even apply to most employers, he says it's possible other laws could be violated if a company requires employees to disclose additional health information, such as the reason why they are not vaccinated.
"Nobody should know what your condition is other than yourself and your doctor," said Jerry Howe.
And if you don't know what's in your health record, not just your portal, you should know that, while there are a few exceptions, you have a legal and enforceable right to see and receive copies of your records, and the hospital or insurance company has to turn them over, for a reasonable cost, within 30 days.
"You have a right to look at that medical record and to correct inaccurate information. And I can tell you, after 30 years of trying cases, there's a lot of things that are put into people's charts that are wrong," said Rasor.
If you believe a HIPAA covered entity or its associates violated your privacy rights, you can file a complaint with the Office of Civil Rights.