Hacker News new | past | comments | ask | show | jobs | submit login

I think it was more along the lines of "Jenny isn't on the call today because she's out with COVID, which is extra bad because she's pregnant".

It's not HIPAA protected because that person isn't Jenny's doctor, but it's still PHI.




No, it's not. That information may be "HI", but it's not "PHI", that is the "protected" part has a specific legal definition under HIPAA, and nobody in that call has any additional legal requirements based on the fact that someone said Jenny is pregnant.


Doesn't that depend on how they know that information? If that's Jenny's boss on the phone and she shared that with her boss so she could claim FMLA benefits and days off for health reasons, doesn't her boss have a duty to keep it private?


No. HIPAA is about sharing PHI between covered entities. P stands for Portability. Unless Jenny is working in one of those covered entities and Jenny's boss learned about her covid and pregnancy by pulling PHI - then no, it's no under HIPAA.

Her boss doesn't have a duty to keep it private in any legal sense. Jenny can ask not to tell anyone, but legally, it doesn't matter.


To clarify, the P in HIPAA is "portability", in PHI it's "protected". Confusingly there's also PII where it's "personally".


PHI is a technical term that means you are talking about HIPAA restrictions. Other laws can very well limit what you can share, but that doesn’t get referred to as being PHI.


I don't think the acronym helps. I should know better but still read it as Personal Health Information in my head




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: