The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology

A-Z Index  |  Questions? 

  • Print this
  • Email this

What Are the Specific Privacy and Security Needs of HIV/AIDS Patients?

To understand the answer to this question, you need to know how privacy, confidentiality, and security are defined:

  • Privacy refers to an individual’s right to control both access to and use of his or her health information. 
  • Confidentiality relates to the right of an individual to the protection of their health information during storage, transfer, and use, in order to prevent unauthorized disclosure of that information to third parties.
  • Security consists of the protections or safeguards put in place to secure protected health information (PHI).  It requires that administrative, technical, and physical safeguards are developed and used.  

Discussing, diagnosing, and treating HIV/AIDS is a sensitive, private issue between a patient and his or her provider.  This privacy is especially important, because as mentioned in the introduction, any breach of privacy may result in stigmatization or discrimination against HIV/AIDS patients.  Patients who are concerned that their health information will not be held private or secure may be discouraged from being tested for HIV and may be dissuaded from pursuing or adhering to recommended treatment regimens.  

The need for privacy and security must be carefully balanced with the appropriate sharing of patient information.  Health IT poses risks for maintaining patient privacy and security, but also offers you and your HIV/AIDS patients potential benefits.  There are instances in which you must reveal patient information to someone other than the patient.  You are required to report the names of persons who have a positive HIV test to public health authorities for infectious disease surveillance.  In some States you are also required to report the names of partners of those who test positive for HIV.  

You may also share a patient’s medical information with the patient’s other medical providers to coordinate care and to manage HIV/AIDS as a chronic condition.  The policies and regulations that have been put in place will allow you to share patient health information when necessary and appropriate, while maintaining the confidentiality, privacy, and security of this information.

Related Resources:

Summary of HIPAA Privacy Rule – This U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) webpage summarizes the key elements of the Privacy Rule, including who is covered, what information is protected, and how PHI can be used and disclosed.  
Summary of HIPAA Security Rule – This OCR document provides an overview of the Security Rule, including what administrative, physical, and technical safeguards covered entities must have in place to protect the security of electronic PHI.  
Health Information Technology and the Response to HIV go to exit disclaimer – This video interview of Dr. David Blumenthal, National Coordinator for Health Information Technology (ONC), discusses the implications of health IT for HIV/AIDS patients and providers.
HIV/AIDS Stigma go to exit disclaimer– This article on HIV-related stigma and its consequences includes practical steps to prevent HIV/AIDS stigma and discrimination.

Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.  More>
Stay Informed