Life Insurance Agent gave PHI to my financial advisor

No, the life insurance agent should not have necessarily contacted you directly. Electronic health information exchange via any media such as emails has very many benefits. However, for individuals and other participants to realize these potential benefits, the security and the protection of the electronic health information should be ensured. According to the HIPAA Act, specific rules, and regulations should protect any personal health information. One of these rules states that protected health information (PHI) can be disclosed to another person if the health information is being used for research, treatment or health care operations such as public health activities. In such instances, there is no need of obtaining the individual's permission or authorization to disclose their protected health information. However, if the agency would have revealed your health information for other purposes such as marketing, it was supposed to seek your permission before giving in to disclose to the financial advisor.

On the other hand, the HIPAA Act states that patients have legal and individual rights to learn about any disclosure or access to their protected health information. This means that the agency should have contacted you to provide you with a Notice of Privacy Practices to describe how your data was shared. The insurance agency should have informed you that your financial advisor had received the list of the doctors the agency was trying to reach. Every organization or health care provider is responsible for respecting these individual rights.

As an alternative, the agency should have sent you a copy of the health information. Patient access to information is one of the patients' rights under the HIPAA Act. As a patient, you are supposed to restrict any disclosure of your protected health information for treatment, payment or even the persons involved in the payment of the healthcare, which in this case is your financial advisor.