Comment by nextaccountic 3 months ago
> Then randomly I got an email from HR, "Your medication is no longer covered."
> The fuck is my insurance company doing telling my HR what medication I'm on?
Isn't this a straightforward HIPAA violation?
That's wild; HIPAA mainly exists to protect medical data from employers (among other threat actors) in the first place
I'm 99% sure HIPAA just applies to medical personnel (i.e. nurses, doctors) so they can't outright share private information. Third parties (i.e. your mom or insurance companies) can share it all day without violating HIPAA.
It does not protect your medical data whatsoever.
Insurance companies are absolutely covered by HIPAA. If it’s true that the insurance company (and not some third party service or app) shared the information directly with HR this is definitely a violation.
https://www.hhs.gov/hipaa/for-professionals/covered-entities...
No. HIPAA is rarely straightforward, and in any event it’s not uncommon for employers to have some degree of access to claims data. In a case like this I assume the company self-funds the plan.