A nurse who has completed HIPAA training should recognize which statement as true about patient privacy?

• A. Faxing of information is prohibited by HIPAA.
• B. I need to verbally provide the patient with the privacy notice.
• C. I cannot discuss a patient's health history with family members without the patient's permission.
• D. Financial information relating to payment for services is not subject to HIPAA regulations.

Answer: (C)

The main concept is that HIPAA protects patient privacy by limiting disclosures of protected health information (PHI) to those who are authorized or designated to receive it. In practice, you cannot share a patient’s health history with family members unless the patient has explicitly allowed those individuals to receive information or there is a legally authorized reason to disclose on the patient’s behalf. If a patient is capable, you should ask who may receive information and obtain permission before sharing PHI with family; if the patient cannot consent, a legally authorized representative may authorize disclosures necessary for care. Other statements aren’t true: PHI includes financial information related to payment for services and can be shared only under the same privacy rules, and privacy notices are provided according to policy (often in writing, not just spoken). So the idea that you cannot discuss a patient’s health history with family members without the patient’s permission best reflects HIPAA practice.