[jedberg]

Doesn't that depend on how they know that information? If that's Jenny's boss on the phone and she shared that with her boss so she could claim FMLA benefits and days off for health reasons, doesn't her boss have a duty to keep it private?

[0x457]

No. HIPAA is about sharing PHI between covered entities. P stands for Portability. Unless Jenny is working in one of those covered entities and Jenny's boss learned about her covid and pregnancy by pulling PHI - then no, it's no under HIPAA.

Her boss doesn't have a duty to keep it private in any legal sense. Jenny can ask not to tell anyone, but legally, it doesn't matter.

[wizofaus]

To clarify, the P in HIPAA is "portability", in PHI it's "protected". Confusingly there's also PII where it's "personally".

[lazyasciiart]

PHI is a technical term that means you are talking about HIPAA restrictions. Other laws can very well limit what you can share, but that doesn’t get referred to as being PHI.