The Health Insurance Portability and Accountability Act, better known as HIPAA, provides a variety of protections to ensure patients’ privacy.

“The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.” (hhs.gov)

Even with the legal guarantee of privacy, millions of Americans experience HIPAA’s failures every day when they visit their doctors, hospitals and pharmacies.

Consider the intake area of an emergency room or urgent care facility. At the same time patients receive the HIPAA privacy compliance form, they are asked a host of questions about their medical condition and personal information that can be overhead strangers in the waiting area unless carefully protected by the healthcare provider. Far too often strangers learn too much information about fellow patients in doctor’s office lobbies and hospital waiting rooms.

Pharmacies face similar HIPAA privacy challenges. The most common question asked of an individual is to verify the identity of the prescription holder is the patient’s name and date of birth. This information is not something most people would want shared with strangers in the pharmacy line, but it far too often becomes public knowledge.

Recently one of our clients went to her local pharmacy, one of the largest in Los Angeles, to pick up a prescription. With a dozen people in a line that began 3 feet behind the counter, she heard the technician announce from the back of the pharmacy, “You wanted the generic of Xanax not the brand, right? It’s ready now. Do you want a consult with the pharmacist?” (If she didn’t need the Xanax before, she said she certainly needed it then).

How can patients better protect their privacy?

• Ask the intake staff to either provide a private area within the doctor’s office or hospital to discuss your paperwork and history, or ask that the staff find another way to guarantee your privacy. HIPAA requires that healthcare providers protect your privacy, and you have every right to expect that they do so.

• At the pharmacy, ask to handle transactions in the consultation area or other private space, not the check out line. If you are forced to conduct your business in the checkout line, write your name and date of birth on a slip of paper and hand it to the pharmacy employee. Ask that person not to announce what types of drugs you are picking up or dropping off, and make a note of this request in your file for future visits.

If an individual feels that his/her rights have been violated, a complaint may be filed with Department of Health and Human Services Office for Civil Rights (OCR). The office has been historically slow to respond, but it may be worthwhile to attempt it. A state’s health insurance board or a variety of other governing bodies within various associations (American Medical Association, American Psychiatric Association, American Pharmacists Association and even the Better Business Bureau) might be able to offer assistance.