1. Money
You can opt-out at any time. Please refer to our privacy policy for contact information.

HIPAA Definition of the Top Three Most Common HIPAA Privacy Exceptions


HIPAA or the Health Insurance Portability and Accountability Act is a law that protects a patient's privacy. One can get an overview of HIPAA law and regulations by first reading HIPAA Frequently Asked Questions.

After understanding HIPAA's definition and how it protects a patient's privacy, one may be interested in learning about HIPAA's privacy exceptions. HIPAA's privacy exceptions give healthcare providers, and others who are required to follow HIPAA, an exception in some areas where they don't have to follow some privacy rules outlined by the HIPAA law.

It is important for a patient to know about these HIPAA privacy exceptions so they can be aware of what information about them may be legally disclosed without the HIPAA protection.

Top Three Most Common HIPAA Privacy Exceptions:

Patient Treatment: A patient's health information can be shared and viewed by different healthcare providers if it is for the purpose of treatment for a patient. An example would be when a patient is referred to a specialist by their primary doctor and the primary doctor gives the specialist a patient's health information to facilitate treatment of the patient.

Payment for Services: The healthcare information of a patient can also be shared with another healthcare organization without complying to the privacy rules of HIPAA if it is for the purpose of payment of services. An example would be when a doctor needs to file information with a patient's health insurance provider for payment of services.

Healthcare Operations: A patient's healthcare information can also be used without consent of the patient for healthcare operations. Various healthcare operations include internal improvement, review of healthcare professionals, healthcare provider and doctor evaluations, training programs and business development. An example of the healthcare operations exemption would be if the doctor's office were doing an internal review of how they handle patients in order to treat patients better and more quickly. The doctor's office would not need to get the consent of a patient to do this type of internal review even if some of the internal review uses the patient's healthcare information for the process.

©2014 About.com. All rights reserved.