Jorg said:
" The privacy rule of Title II of HIPAA (like the rest of it) is a pretty convoluted thing to navigate and it is hard to make sweeping generalizations about what can and can't be done. The actual requirements are fairly short, but the documentation discussing their implementation goes on and on and on."
I'm the HIPPA Coordinator in a Hospital. Jorg is right, there are so many exceptions on both the Federal and State level, it's mind boggling! Just few fast examples, in my state of Texas, The state health department, Adult Protective Services and State Parole get a blanket exemption to ALL HIPAA requirements. They can just call and say, "Send this." The client's only option is to hire an attorney to appear before a judge and and attempt a quash of the request (demand) of the agency, that is if the client even knows what the agency is up to. In over 10 years of doing this, I recall only 2 successful quashes. One woman was it tears begging us to ignore an agency request.
Despite what the law says in black & white, there are so many grey areas and each case is really quite individual. Everyday I have to make judgement calls. I apply the law as best I know how. Now I have managed to protect
and advocate for some folks. That's usually in ugly divorce cases where a spouse was trying to railroad the other person. If it's the government going after the information, they need a good lawyer!
Bottom line: Anything you tell your doctor or case worker, any tests you do, are not private. Electronic records, with requirements for on-line file sharing, being pushed by Obama, will be the nighmare of all record custodians!