Manage your account, request prescriptions, set up appointments & more.

Don't have an account
Contact Us
eDocTalk article

Helping you stay out of trouble: a few key examples of HIPAA violations

September 2017

As part of Legacy’s commitment to privacy, we want to make sure you are aware of issues that may violate patient privacy and protected health information. Our Privacy Office is in the unique role of observing privacy issues facing our clinicians and patients, so we’ve outlined some situations below as a reminder to every provider.

Patient confidentiality

The Privacy Office has investigated several cases recently where a patient has said they did not want certain information disclosed to family members, and it then was disclosed in the patient’s room.

When you go into a patient room to discuss that patient’s conditions, diagnoses and treatments, and the patient has family and friends in the room, what should you do?

  • Explain that you are there to discuss the patient’s private health information
  • Ask the patient if they want their family and friends to stay for the discussion
  • If the patient wants privacy, wait for everyone to leave the room
  • If the patient is OK with their family and friends staying, be sensitive to releasing only the required, minimally necessary information related to the current condition
  • If there is any sensitive information (HIV, STDs and the like) to be discussed, do this in private


We have an obligation to protect our patient’s privacy. They can decide. We need to ask.

Duty to Report — What to report to the Department of Motor Vehicles (DMV)

The Privacy Office has investigated two recent incidents of patients reporting that more information than necessary was reported to the DMV. Both were reported to and investigated by the Office for Civil Rights (OCR) under HIPAA rules.

Our providers have a duty to report certain conditions to the DMV if the patient’s condition could affect their ability to drive safely. Only the specific information relating to the ability to drive safely needs to be reported. Both patients complained that more information than necessary was disclosed. Our review did not substantiate any over-disclosures. Our providers did the right thing.

We wanted to highlight this to you as a reminder to report when necessary. Public safety matters. Keep your disclosures to the minimum necessary. Both OCR cases were closed with no findings.

     If you have questions about HIPAA privacy, please contact:  


Back to current edition home page