The Truth About HIPAA: How Misunderstanding the Law Harms Patients
- Teri Frykenberg
- May 14
- 3 min read
Last week, one of my students—a former ICU nurse now working as a professional patient advocate—called me with a troubling situation. Her client, a stroke survivor with speech difficulties, had hired her to navigate a complex healthcare journey: an ICU stay, complications in the hospital, and a transfer to a rehab facility for ongoing therapy.
But once the patient arrived at the rehab center, things got difficult.
Despite presenting a HIPAA authorization form that legally designated her as the patient’s representative, my student was repeatedly denied access to medical records. Nurses and administrators refused to provide progress notes, medication lists, and other essential documentation—citing HIPAA as the reason.
HIPAA: What It Is—and What It’s Not
Let me be clear:
HIPAA was never intended to block care coordination.
Its purpose is to protect private health information from being shared with unauthorized parties—not to interfere with communication between a patient and their legally designated representative.
Unfortunately, many healthcare professionals still misunderstand this law.
They believe “HIPAA” means don’t talk to anyone except family members, or worse, don’t share anything at all. This misinterpretation leads to dangerous fragmentation of care.
What HIPAA actually does is ensure patients have control over their personal health information and that their confidentiality is respected.
And under the 21st Century Cures Act, patients also have the right to access their full medical records—and to designate someone else to do so on their behalf.
In fact, the U.S. Department of Health and Human Services clearly states that a legally designated representative “stands in the shoes” of the patient and must be granted the same access the patient would have.
When Miscommunication Becomes a Medical Risk
In the case of my student, the patient was becoming increasingly frustrated and anxious. She had hired an advocate to act on her behalf, but the system was working against her.
This kind of unnecessary stress is more than frustrating—it’s dangerous. It delays care planning, prolongs suffering, and damages trust between patients and providers.
So, I gave my student some practical advice:
Speak directly to the Executive Director, kindly but firmly.
Explain her legal status as the patient’s representative.
Reference the 21st Century Cures Act and the risk of federal penalties for noncompliance.
Request a patient care conference to clarify the need for proper documentation and coordinated planning.
It worked.
Access was granted.
And the patient finally received the care support she deserved.
Why Skilled Advocates Are More Important Than Ever
This isn’t just one story.
This is happening everywhere.
When providers misunderstand HIPAA or let fear guide their decisions, patients suffer. But professional patient advocates know the system. We understand the laws. And we’re trained to push through when others throw up brick walls.
We don’t want conflict.
We want coordination.
And more than anything—we want what’s best for the patient.
I miss the days when healthcare workers used common sense and did the right thing without fear. But until that becomes the norm again, we need to ensure patient representatives are respected, informed, and empowered to act.
Let’s stop scaring our staff and start educating them—because at the end of the day, our job is to care for people. Together.
🔗 Learn more about how to become a certified patient advocate at https://nurseadvocateentrepreneur.com/course/
💬 Have you run into HIPAA challenges in your role as a caregiver or provider? I’d love to hear your story.
תגובות