The three main sources of protection for HIV-related information are the Health Information Portability and Accountability Act (HIPAA), state laws specifically protecting HIV-related information and “common law” created through lawsuits, such as those including claims for invasion of privacy or defamation.

HIPAA applies only to medical information that is disclosed or shared between a patient and a health care provider. Also, if there’s a violation,  patients can’t file lawsuits on their own; such cases can only be prosecuted by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR).

The state laws specifically protecting HIV-related information vary widely from state to state. Many of them apply only to test results or to information shared within the context of the patient-provider relationship. And because the monetary awards are often small, they aren’t a very strong deterrent—although some advocates have been able to use these laws to leverage out-of-court settlements or better behavior by those in violation.

Lawsuits brought under state common law are another tool to consider when there has been significant harm that can be documented. Such cases are not easy to win, however. It is best to consult an attorney to determine whether this is a good legal strategy for you.

If you believe your privacy rights have been violated, please contact Lambda Legal’s Help Desk.

Founded in 1973, Lambda Legal is the oldest and largest national legal organization whose mission is to achieve full recognition of the civil rights of LGBT people and all people living with HIV through impact litigation, education and public policy work. 

Go to LambdaLegal.org/Know-Your-Rights for more information.