In a nutshell, the USA-only HIPAA (that's HIPAA with two A's) regulations establish that: (1) The PATIENT is to be the master of his or her "protected health information (PHI)" (2) So that the only way a "covered entity" can ever share information about an individual is if it is required (i.e. a subpoena) or authorized by the individual. (3) BUT there is also a loophole (which I have termed the pothole, as it is so big). A "covered entity" can share "PHI" with any other "covered entity" if it is for "treatment, payment or health care operation." (4) AND you do not need prior written consent from the individaul to do that. (5) Meaning that health care providers can freely exchange all sorts of information about a patient so long as it is to discuss the case, or get the insurance co. to pay for it, etc. (6) The HIPAA sections for psychotherapy are more complicated, because of the nature of the professional relationship. (7) A health care provider cannot "retaliate" against a person who exercises their rights under HIPAA (i.e. they can't withhold treatment if you file a HIPAA complaint against them). See http://www.hhs.gov/ocr/privacysummary.pdf Liz Brooks, JD, IBCLC Wyndmoor, PA, USA _________________________________________________________________ Stay in touch with old friends and meet new ones with Windows Live Spaces http://clk.atdmt.com/MSN/go/msnnkwsp0070000001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us *********************************************** To temporarily stop your subscription: set lactnet nomail To start it again: set lactnet mail (or digest) To unsubscribe: unsubscribe lactnet All commands go to [log in to unmask] The LACTNET email list is powered by LISTSERV (R). There is only one LISTSERV. To learn more, visit: http://www.lsoft.com/LISTSERV-powered.html