How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Nancy Your Own Question
Nancy, Psychotherapist
Category: Mental Health
Satisfied Customers: 746
Experience:  ABD for a PhD in Psychology, Psychotherapist for over 20 years
Type Your Mental Health Question Here...
Nancy is online now
A new question is answered every 9 seconds

I informed my employer today of the medications and dosages

This answer was rated:

I informed my employer today of the medications and dosages I am currently taking for anxiety and depression. I did this because I felt it was the responsible thing to do as an employee, because my performance at work has not been up to par. My employer's spouse is an RN and best friends with my Mother In-Law. They have both been RN's for over 20 years. Ironically, they had a conversation tonight in which my name was mentioned by my employer's spouse to my mother in law asking my mother in law about my medical conditions, specifically asking if I am bi-polar. There are two witnesses to this. Neither one of these women have ever treated me or seen me as a patient and as far as I know they have never accesed my medical records, or even had a need to. I feel this was a direct violation of my personal medical information between my employer and I and possibly his spouse whom is an RN. What do I do and what are my rights. I need to know as soon as possible. Thank you.



Yes, I agree, I think your personal medical information being passed on to your bosses spouse constitues a violation.


You may have recourse, but you need to follow a chain of command and DOCUMENT it as carefully as possible.


I'd suggest doing two things: speak with your employer first. Get your employers take on the situation - this may not have transpired as you think -- your MIL could have brought it up first... or who knows.... but speak with your employer first - just a simple question as to how it came up - don't be angry or defensive no matter what he/she says -- just go on a fact finding mission.


THEN: call your company's Human Resource department and speak with the highest person in that department. Ask what the rules are about your boss speaking to other people outside the company about your personal medical information.


THEN take all of that information to an attorney. With all of that, see if you have a case.


Let me know how this all works out for you... okay?





Nancy and 2 other Mental Health Specialists are ready to help you
Customer: replied 7 years ago.
Thanks for the quick response! 2 things here I am concerned about. First of all, I know there is no way my MIL knows what meds I am taking. Secondly, we don't have a human resourses department. I work for a small business with four employee's.

I was afraid of that... okay - so ask the employer and then speak with an attorney if you want to pursue this legally.


If not - know you hold some pretty powerful cards- and see what she is willing to do about her mistake...


The botXXXXX XXXXXne is you have to decide what your goal is and go at it from that angle.



Customer: replied 7 years ago.

Thanks again, so what rights of mine did my employer violate?

Your medical privacy is covered under Federal Law. Here's some information:


Per section 1177 of HIPAA, a person who knowingly

  • uses a unique health identifier, or causes one to be used;
  • obtains individually identifiable health information relating to an individual; or
  • discloses individually identifiable health information to another person;

is in violation of HIPAA regulations. Such persons are subject to the following penalties:

  • a fine of up to $50,000, or up to 1 year in prison, or both;
  • if the offense is committed under false pretenses, a fine of up to $100,000, up to 5 years in prison, or both;
  • if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine up to $250,000, or up to 10 years in prison, or both.

HIPAA also provide for civil fines to be imposed by the Secretary of DHHS "on any person" who violates a provision of it. The maximum is $100 for each violation, with the total amount not to exceed $25,0000 for all violations of an identical requirement or prohibition during a calendar year.


Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA is the federal law that establishes standards for the privacy and security of health information, as well as standards for electronic data interchange (EDI) of health information.


HIPAA has two main goals, as its name implies:

  • making health insurance more portable when persons change employers, and
  • making the health care system more accountable for costs -- trying especially to reduce waste and fraud.

HIPAA aims to improve accountability in part through what it calls administrative simplification -- a term that translates, roughly, as "promoting efficiency."

The principal means of promoting efficiency is better use of information technology. Health care is -- or, at least at the time of the legislation, was -- still very "uncomputerized" compared to other parts of the economy, particularly in its use of paper for personal health records.

Broader use of computer systems increased concerns about misuse of patient's health information, hence the inclusion of privacy and security provisions as part of HIPAA along with EDI standards.

HIPAA as implemented has four health information standards, and four associated sets of regulations or "rules":

HIPAA is also known as the Kassebaum-Kennedy Act, or the Kennedy-Kassebaum Act.