HIPAA laws and me

Hi, everyone. I was recently off work a few days for a severe urinary tract infection. My first day back, the phone rang, and I answered, and it was my boss’s spouse. He asked how I was and I said “fine, thanks”. He then said “you must have had a really bad urinary tract infection to be off for a couple days”. Now it’s not the end of the world, I know, but isn’t medical stuff supposed to be private, and protected by laws? The spouse does not work there, and wasn’t privy to water cooler “gossip”, the ONLY way the spouse could have known about my UTI was if my boss gave that info out. I think it was unprofessional, and I think there should be SOME sort of action on my part, but I don’t know exactly what. I cannot privately talk to my boss and say I’m upset about this, because my boss is not an understanding, respectful-of-others person you can have a decent conversation with. And if I go to HR, they may help me because they have to, but then they’ll make my life miserable. But I don’t feel like being “bullied” into letting this slide… Any thoughts or suggestions?

AFAIK, and I could be wrong about this, since I only ever dealt with this from the other end, HIPPA doesn’t really apply here, because your boss isn’t a health care provider. I agree he done did wrong, but I don’t think it was HIPPA that was violated.

HIPAA sets up guidelines for the medical industry, not for everybody else.

Did you share details about your Dx with your boss? If so, he’s beyond HIPAA’s reach but possibly violated some confidentiality rules at your company. Your only options are talking with your boss or taking it to HR. If you really can’t do either, just let this knowledge guide your relationship with the boss in future.

If the boss got the information from medical personnel without your approval, you might have a HIPAA complaint. But that still wouldn’t touch your boss-who appears to be the problem here.

What they said. If you told your boss “I’m taking off work because of a UTI” then you’re out of luck; he can tell whoever. If you work at a clinic, you got your medical there and just told your boss you needed a couple sick days, and he checked your chart to find out why, then he violated HIPAA in a big way.

Thanks to all of you for your responses. I did have to give a reason why I wasn’t coming to work, as well as a doctor’s note, so yes, even tho I gave those to “upper management”, I suppose my dept. manager had access to them. I assume he did violate some sort of company rule, because I know literally every employee there had to sign a paper that they understood that employees medical info was private, and not something we should discuss in or out of the workplace unless that employee specifically gave permission. For instance, we have an employee who recently had a heart attack… that employee gave permission for them to post the info on the lunchroom bulletin board, and gave their home address so we could send get well cards. But I gave no such permission.
I have to be honest, the fact my boss is such a pompous SOB is playing heavily into this. He’d be the first to nail someone to the wall for any infraction of the rules, and he breaks the rules regularly and gets away with it. I’d like to see him sweat, I admit it.

Even though you think HR will make your life difficult in the aftermath, this is why they are there, go to them.

No, it isn’t. They are there to help the company avoid lawsuits and hire people. You might consider talking to an employment attorney - the appointment would be free - but I wouldn’t go beyond that.

Wouldn’t violating HIPAA result in a lawsuit? :rolleyes:

Perhaps, but (1) this isn’t a HIPAA violation, because the OP’s employer is almost certainly not a covered entity under 45 CFR §160.103; and (2) the maximum penalty for a single HIPAA violation is $100.00.

In this case, HR would be more worried about violations of the privacy laws of the state where the OP works, or one of several possible employment law actions based on violation of the employer’s own policies.

Have fun rolling your eyes, though.

It’s HIPAA, dagnabbit.

I sit corrected! (unlike you clearly, I haven’t memorized the employment law code) Still a lawsuit’s a lawsuit, whether it was HIPAA or employee comfidentiality.

AFAIK, the doctor’s note just has to say you can’t come to work (or that you missed work) due to an illness or injury. It does not have to say exactly what was wrong with you. Your boss or HR do not need to know your diagnosis, just that you were unable to come to work.

Yeah, I’ve worked for this guy, too.

I haven’t memorized it either, and HIPAA has nothing to do with “the employment law code”, which is exactly why I had to correct you. I happen to know the Federal regulations which define covered entities because I work in a field which requires some basic knowledge of HIPAA exceptions.

In any case, HR’s interest in “preventing a lawsuit” is limited to making sure they document everything that will cover the employer’s own ass, not in protecting the OP.

ETA: in any case, posts 2 and 3 had already pointed out that HIPAA doesn’t apply here.

As others have already pointed out, state privacy laws are the place to go if you feel litigation is the best solution.

I’m still trying to wrap my head around the fact that your boss’ SPOUSE called you. That is all kinds of WTF?!?!

I’m assuming the boss’ spouse is also his secretary or an office manager or something.

Since this is a personal situation, I’m moving it from General Questions to IMHO.

samclem. Moderator

[emphasis added—DHMO]

wow, who woulda thought that a general question (which it definitely was) wasn’t a general question? I can’t believe this post was moved “because it wasn’t a general question”. I didn’t post an opinion, I posted a question. Guess you are taught quickly how things go around here. Whatever.

Thanks for the help, everyone. Hazel, my boss’s spouse did not phone ME, my boss’s spouse phoned to talk to my boss, but when the phone rang, I just happened to answer it.

You are correct–you posted a question. Questions which are likely to be answered with advice and opinions (especially legal or medical advice) are generally moved swiftly and without predjudice to IMHO, where this thread now resides.

Persons who persistantly ignore these rules, do so at their peril, but no one will hold a few newbie mistakes against you.

On topic, my advice is to let it go, but never ever tell your boss anything personal or potentially embarassing again.

How exactly you can avoid doing so in the event of a future severe uti for which you need time off and a doctor’s note, I don’t know.