What are my privacy rights?

April 1, 2019
Dianne Watterson addresses an episode that embarrassed this dental hygienist and violated her privacy rights in front of a patient.

Dear Dianne,

I have been a dental hygienist for 35 years, and I’ve been in my current office for 10 years. Recently, I had a three-day stay in the hospital with a heart condition, but everything is fine now. When I returned to work, the doctor did not speak to me until the afternoon. Then, right in front of my patient, he said, “Hey, are you all right to be here? Are you sure?” I was so embarrassed, and the patient was looking at me wondering what the heck was going on. I’m sure he wondered if I had something contagious or whether I should be treating him. I told the doctor that my physician had cleared me. He stated, “Well, I guess it’s OK then.” I was mortified!

I don’t know a lot about privacy laws, but I certainly feel violated. As an employee, do I have any HIPAA protections?

Upset RDH

Dear Upset,

You have every right to be upset, and I’d be embarrassed and shocked if my boss asked me about something as personal as a medical condition in front of my patient. The doctor showed lack of respect for you.

You mentioned HIPAA protections, so I took the liberty of doing some research. HIPAA stands for Health Insurance Portability and Accountability Act. Introduced in 1996, it was designed (1) to ensure that individuals would be able to maintain their health insurance between jobs, and (2) to ensure the security and confidentiality of patient information and data with standards for electronic data transmission of administrative and financial data relating to patient health information.1 Since HIPAA was enacted, it’s been a continual work in progress with much input from health plans, health-care clearinghouses, and health-care providers. Anyone who transmits health information electronically is affected by HIPAA rules.

According to the Department of Health and Human Services, information protected by HIPAA law includes all individually identifiable health information. This includes the individual’s past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual. It also includes such identifiers as name, address, telephone number, Social Security or other identifying number, license numbers, and more.2

It seems that the unpleasant exchange between you and the dentist was a breach of confidentiality that falls under civil (tort) law. An employer breach of confidentiality happens when an employer reveals information about an employee to unauthorized people. The patient would be considered an unauthorized person, and the doctor’s question provided information, albeit not specific, about a medical condition affecting you and possibly affecting your work. An employer cannot share medical information about an employee without securing a written authorization from the employee.

All employers need to engage their brains before revealing personal information about employees that has nothing to do with their jobs. Revealing information that should remain private subjects the employer to legal and financial liability or even criminal charges. Any small business owner who has employees should acknowledge and respect a worker’s right to an expectation of privacy in the workplace.

A basic tenet of employment law states that all employees have basic rights in the workplace, including the right to privacy, fair compensation, and freedom from discrimination.3 Your right to privacy includes your right to keep your medical situation private and not subject to discussion in front of patients who are under your care.3

States differ with regard to employment regulations and privacy, but here are some basic rules from the Texas Workforce Commission that ensure that private employers are acting in good faith.

1. Regard all information about an employee’s personal characteristics, family, and friends as private and confidential.

2. Release information on employees only to those needing it for legitimate or legal reasons.

3. Investigate all inquiries for information, keep records, and use consent for release forms.

4. Securely store sensitive documents and shred old documents.

5. Do not mail anything with a Social Security number except allowed government forms outlined in state law.4

As a consultant in many dental practices through the years, I’ve been amazed by some of the conversations I’ve overheard between doctors and staff while a patient was in the chair. One doctor went into graphic detail about his mother’s “explosive diarrhea” in a shopping mall. I heard a dental hygienist rattle on about her gallbladder surgery, explaining in great detail the vomiting that occurred as she emerged from the anesthesia. Good heavens, is this all we can find to talk about while a patient is in the chair? Many of these kinds of conversations occur as if the patient is deaf. Needless to say, conversations of this sort are unprofessional and not appreciated by unsuspecting patients.

Far too often, doctors are so self-absorbed that they fail to acknowledge staff member illnesses. Your experience is a good example. The fact that this doctor saw you multiple times and did not even ask if you were better speaks volumes about his lack of caring for his staff.

I remember being off work with a kidney stone that resulted in lithotripsy and a stent. When I returned, my boss never once asked me how I was feeling. It hurt my feelings and lowered my opinion of him. Instead of showing concern for my suffering, he snubbed me. When employees conclude that their employer does not care for them but is only concerned with their productive capacity, employee turnover is imminent. Such was my case, and I found a new office. We are not robots that are devoid of feelings!

My advice is that you should inform this doctor privately that his off-the-cuff questions about your recent illness in front of the patient were embarrassing and humiliating. You should stress that it is never OK to do that—ever.

Here’s a suggestion for the conversation: “I don’t know if you are aware or not, but you violated my privacy and breached a subject that is confidential when you brought up my medical condition in front of the patient in my chair. I deserve more respect than that, and I’m going to ask you respectfully not to ever do that again.”

His questions probably raised all kinds of questions or even fears in the patient’s mind about you and your fitness to treat him. You or I would have similar questions if we were the patient. This doctor owes you an apology.

Sometimes, people do not think before they engage their tongues. This doctor’s lack of discretion was thoughtless and disrespectful. If you don’t have the courage to stand up for yourself, then don’t be surprised when you are treated in a disrespectful manner in the future.

All the best,



1. HIPAA Background and Guidance. The University of Chicago, Biological Sciences Division website. hipaa.bsd.uchicago.edu/background.html. Published October 23, 2006. Updated February 2010.

2. Your rights under HIPAA. hhs.gov website. https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html?language=es.

3. Employment Law. Employment Find Law website. employment.findlaw.com.

4. Brown K. What are employee privacy rights? Small Business Chron website. http://smallbusiness.chron.com/employee-privacy-rights-1239.html. Accessed February 22, 2019.

Dianne Glasscoe Watterson, MBA, RDH, is a consultant, speaker, and author. She helps good practices become better through practical analysis and teleconsulting. Visit her website at wattersonspeaks.com. For consulting or speaking inquiries contact Watterson at [email protected] or call (336) 472-3515.