HIPAA on Contact Information for Patients


You may contact a patient or view her health information, according to the U.S. Department of Health and Human Services guide to HIPAA, under the following conditions: You need it to provide medical care, process billing, or make a legal report; you are an immediate family member; or the patient has given her written permission for you to view her protected health information.


Unless you meet the HIPAA guidelines, you will be limited in how you may contact a patient or get information, even if you know the patient. For example, if you wish to pay your 18-year-old daughter's medical bill, the doctor's office will not tell you what she owes unless she has given written permission to share it with you.


If you need access to the patient's protected health information, HIPAA law requires you to have his permission, usually in writing. If possible, always arrange for a written document of legal representation beforehand, and bring your identification with you to the hospital or doctor.

As a practical matter, at most hospitals, if you know the patient's first and last names, and you can spell them correctly, staff will tell you his room number, but nothing else. However, if you contact the hospital operator and give her the room number, she will connect you to the patient's phone extension.


If you do not have the patient's permission to contact him, go through her doctor or health care provider, who will then ask the patient if you may contact him or view his medical record. If the doctor is not available, you should contact the family and ask permission through them.


The Privacy Rights Clearinghouse points out that HIPAA regulations, though sometimes a hindrance, are for the benefit of the patient. Before HIPAA, not all states allowed patients to see their own medical records. Today, that medical record belongs to you. With electronic records and the Internet, patient records, once kept in paper folders locked in doctors' offices, are now easily shared. The Health Insurance Portability and Accountability Act of 2003 completely changed how health records may be used and who may see them. The result was stringent regulation about who could view private health information. This created specific rules about how you may contact a patient or view the patient's records.