Patient Privacy

Regulators have logged dozens, even hundreds, of complaints against some health providers for violating federal patient privacy law. Warnings are doled out privately, but sanctions are imposed only rarely.

Deceased vets’ data has been sent to the wrong widows. Employees have snooped on the records of patients who’ve committed suicide. And whistleblowers say their own medical privacy has been violated.

Lessons from a year reporting on loopholes and lax enforcement of the federal patient-privacy law known as HIPAA.

Laura's Law could provide a middle ground between the old norm of total institutionalization and the new one of total abandonment. But the statute is struggling to reconcile forestalling tragedies with patients' rights.

An early look at a Pacific Standard story that's currently only available to subscribers.

Breaches that expose the health details of just a patient or two are proliferating nationwide. Regulators focus on larger privacy violations and rarely take action on small ones, despite the harm.

The federal privacy law known as HIPAA doesn’t cover home paternity tests, fitness trackers, or health apps. When a Florida woman complained after seeing the paternity test results of thousands of people online, federal regulators told her they didn’t have jurisdiction.

Even our most personal health conditions are part of a vast but hidden market for our medical data. Don't we deserve to know about it?

An early look at a Pacific Standard story that's currently only available to subscribers.

Yet another health insurer recently reported a massive data breach, affecting the financial and medical information of 11 million people. We asked the head of the federal agency tasked with investigating these issues whether the notion of patient privacy was outmoded.