What are your privacy rights under the Health Insurance Portability and Accountability Act (HIPAA)?
Anti-review contracts pretend to provide greater patient privacy by claiming the doctor won’t sell your name to third party marketers. However, federal (and state) laws already require doctors to protect your information from third party marketers. Specifically, the Health Insurance Portability and Accountability Act (HIPAA) prohibits “medical providers, including doctors, from communicating or sharing protected patient health information (PHI) with any third parties, unless the patient has provided written or oral consent.” See 45 CFR §§ 164.508 and 164.510.
What does this mean? You don’t have to promise your own silence to protect your medical privacy. Anti-review contracts do not provide any greater privacy than the law already requires.
In fact, the federal government has told doctors that they cannot promise to follow HIPAA as a way of buying your “silence.”
Do any other laws protect patient privacy?
Several states’ health privacy laws also keep patient healthcare information confidential. In many instances, these protections exceed HIPAA’s. For example, California health privacy law only allows doctors to disclose patient information without consent in two narrow situations: (1) when treating a patient in an emergency, and (2) when billing a patient who has a debilitating condition that makes him unable to consent to disclosure. In these cases, it’s even clearer that the doctor’s privacy promise to patients in anti-review contracts does not, in fact, provide any additional privacy protection.