
HIPAA Basics for Migraine Patients: Spotting Violations

The Health Insurance Portability and Accountability Act (HIPAA), a 1996 federal law, gives patients rights regarding their health records and information. To make sure your rights are being honored by your health care providers and other organizations that must follow this law, it’s important to know how to spot violations.

This article is the second in a series of three about HIPAA: Part 1: Your rights, Part 2: Spotting violations of these rights, and Part 3: How to file a complaint about possible violations.

Under HIPAA, health care providers and other covered individuals and organizations have an obligation to protect and keep private your medical information if personally identifying information about you is involved.

Examples of HIPAA Violations:

  • The contents of your medical records are left in public view of patients or others.
  • Your medical records are left unattended where others could look at them.
  • Your health care provider discusses your case in a public place, such as an elevator, cafeteria, etc., even if the place is outside the clinic or hospital setting.
  • Your medical information is stored or disposed of without any precautions to safeguard your privacy.
  • A staff member discusses your protected medical information where others can overhear what’s being said.
  • Your health care provider discusses your protected health information with their friends or family members.
  • Your protected medical information is included in an email or discussed via social media, such as Facebook, Twitter, a blog, etc.
  • Your medical information is shared with anyone who does not have a need to know the information, such as a member of the office staff who is not involved in your treatment.
  • Your health care provider speaks with or otherwise shares your protected health information with one of your friends or family members without your authorization (except under rare exceptions).
  • A friend or family member who works for a health care provider accesses your health information without any legitimate need to do so in order to provide you with medical care.
  • Someone who is otherwise entitled to access your medical information for a legitimate purpose accesses more than the minimum necessary.
  • Your information is released to the wrong patient, such as someone with the same name. Your health care provider has an obligation to be sure the correct record is being shared by asking for verifying information, such as your date of birth.
  • Your health care provider fails to release your information to you when required to do so.

This list of examples is not meant to be exhaustive.

I’ll be covering more information about HIPAA in part three of this three-part series: How to file a claim if you believe your HIPAA rights have been violated.

If you have questions about HIPAA or tips to share with other patients, please share them in the comments.

This article represents the opinions, thoughts, and experiences of the author; none of this content has been paid for by any advertiser. The team does not recommend or endorse any products or treatments discussed herein. Learn more about how we maintain editorial integrity here.


  • Renee Ellis
    5 years ago

    I am employed at a doctor’s office. My “former” Neurologist, who is also employed by the same practice, decided not to treat me any longer after I told him the 2 year Botox injections for Migraine Headaches were not working. I was stunned and a series of inner office emails were sent between me and his assistant. Basically, I said “if you aren’t getting the big money for injections, you won’t see me as a patient and treat me?” I asked for a referral to a specialist, which never happened. I have suffered with debilitating attacks for 25 years and am now without a doctor. After a recent 3 day migraine and 1 missed day of work, I was written up for “excessive absence”. After speaking to my new boss, she stated that my former Neurologist forwarded the emails to the owner of the practice. Is this not a violation of HIPAA Policy? It is not in my medical record but both the owner and my supervisor are now aware of my personal medical information.

  • Diana-Lee author
    5 years ago

    Yes, I think this is a violation. It’s still your personal, protected medical information and it was shared with someone who had no business knowing about it. UGH!

    Part 3 of this series will get into details about how to make a complaint, so hopefully that will be of use to you.

    Best of luck finding a true Headache Disorders specialist with the knowledge necessary to treat you. I’m so very sorry you’re in this crummy situation, Renee.
