Under the HIPAA Privacy Act a Health Care Provider Can:
​

• Allow patients to sign their name at the receptionist's desk while waiting for an appointment.

​

• Call out a patient's name to escort the patient to an examining room.
   

• Leave a patient's medical record on the door of an examining room if the patient is in the room.
   

• Call and leave a message on a patient's answering machine regarding an appointment or test result as long as the patient provides permission.
   

• Disclose medical record information to the patient's health care plan via fax, phone or mail if requested by the health care plan.
   

• Discuss claim payment information regarding treatment, health care operations, or treatment issues with a patient's health care plan.
   

• Disclose your protected health information without authorization under these situations: As required by law; Public Health issues, i.e. Communicable diseases, health oversight, abuse or neglect; Food and drug administration requirements; Legal proceedings; Law enforcement, Criminal activity, Inmates; Coroners, Funeral Directors and Organ Donation; Research; Military Activity; National Security; Workers' Compensation.
   

• Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500. Other permitted and required uses and disclosures will be made only with your consent, authorization or opportunity to object unless required by law.
   

• Under the HIPAA Privacy Rule, a provider is a covered entity and there are exceptions from the rule in order to exchange information for treatment, operations or payment purposes. The Office of Civil Rights (OCR) of the Department of Health and Human Services is charged with interpreting the HIPAA Privacy Rule and has publicly stated that the Privacy Rule "does not require a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations."