My supervisor showed my doctors note to another employee. Is that a hipaa violation?

my supervisor showed my doctors note to another employee. is that a hipaa violation?

No...

No. Your supervisor is not bound by HIPAA.

Is your supervisor providing you with medical care? If not there is no violation. It may be a breach of ethics, but you gave the info to the supervisor.

Do you know why it was shown? Did the note include diagnostic info?

Unless you work for a health care agency, and they provided the medical treatment for you, then it is not.

This applies to how medical professionals give out info.

It is or may be a violation of company policy, but it is not a HIPAA violation

FR_Chuck,
You need to talk to your HR department. For a supervisor to disclose any health information about you is a violation of HIPAA. HIPAA laws are not isolated to the medical community. I'm on FMLA and for my company or a representative of the company to tell anybody why I'm on FMLA is a violation of HIPAA. That is MY personal information and they do NOT have MY permission to disclose that information.

FR_Chuck,
You need to talk to your HR department. For a supervisor to disclose any health information about you is a violation of HIPAA. HIPAA laws are not isolated to the medical community. I'm on FMLA and for my company or a representative of the company to tell anybody why I'm on FMLA is a violation of HIPAA. That is MY personal information and they do NOT have MY permission to disclose that information.

Normally, I would remove this because it is a 5 month old thread. However, I believe you are incorrect here. HIPAA covers medical providers. It does not cover none medical providers as far as I know. If you can cite any part of the law that extends to non-medical providers please do so.

In your company, it may be a violation of company policy and confidential rules. It is also possible that it is a violation of FMLA. But I doubt if it's a violation of HIPAA.

There is the misconception that unless the person's a medical provider then it's not a HIPAA violation and that's just not true. If the individual were to tell a supervisor of a medical condition then that's on the person. However, if HR is aware and they tell others, then that's a violation of HIPAA. PHI is under HIPAA and violating PHI is a violation of HIPAA.

How Does HIPAA Apply to Employers?

While employers in general, including those who sponsor group health plans, are neither covered entities nor business associates of covered entities, they still may be subject to HIPAA if they do, in fact, sponsor a group health plan. This is because the regulations relating to group health plans place stringent conditions on the disclosure of PHI of participating employees from the group plan to the plan sponsor. The compliance requirements imposed on an employer that is a plan sponsor will vary depending on the type of group plan, the employer's level of access to employee PHI, and the employer's involvement in the administration of the group plan.

For employers that sponsor fully insured plans and have very limited access to PHI, the requirements may be as simple as ensuring that there is no retaliation against employees who exercise their HIPAA rights and that plan participants are not permitted to "waive" their rights under HIPAA.

For employers that sponsor other types of plans and that have more extensive access to PHI, compliance can be much more complicated. Such employers may be required to:
•adopt a privacy policy
•prepare a notice of privacy rights for plan participants and actively distribute it to plan participants
•appoint a HIPAA compliance officer
•train all employees with access to PHI on privacy requirements and procedures
•limit the employees with access to PHI
•discipline employees who violate the privacy policy and mitigate the harm caused by the violation
•store all PHI in a secure location
•enter business associate agreements in which all business associates agree to comply with HIPAA regulations
•explain the rights of plan participants to the participants and ensure that they are allowed to exercise those rights without retaliation.


http://wraltechwire.com/business/tech_wire/opinion/story/2159946/

Ok, but your interpretation here is wrong. You stated; "For a supervisor to disclose any health information about you is a violation of HIPAA." That is not an accurate statement. While it MIGHT be a HIPAA violation it depends on how the supervisor got the information. In the case of the OP, they showed a doctor's note to the supervisor. There is no indication why they did or what requirements there were to do so. There is no indication how large the company is whether this was related to health insurance or what.

HIPAA is directed at medical providers. What you cited means that HIPAA protections MIGHT be extended to employers if they provide certain levels of insurance coverage. Further those protections refer to medical info they received AS PART OF THEIR PROVIDING MEDICAL COVERAGE. Yes if an HR/Benefits dept received info as part of employee health insurance coverage. that is probably covered by HIPAA. But a supervisor being told about care is probably not.

We pride ourselves on the accuracy of the advice given here And your advice was not accurate. Had you qualified it in more detail. It could have been accurate, but the way you stated it, it was wrong.