Also I interpreted this as being from the perspective of a customer, who likely wouldn’t have taken the oath. They still shouldn’t be sharing PHI but I don’t think they are under any legal or contractual obligation not to (and also I agree, didn’t in this case).
Customers are not bound by HIPAA, no. Random people aren’t, only like medical professionals and people that as part of their job duties handle that information.
I could recite someone’s medical history from a soapbox in a public place, but since I’m not bound by HIPAA, it is not a HIPAA infraction.
Also I interpreted this as being from the perspective of a customer, who likely wouldn’t have taken the oath. They still shouldn’t be sharing PHI but I don’t think they are under any legal or contractual obligation not to (and also I agree, didn’t in this case).
Customers are not bound by HIPAA, no. Random people aren’t, only like medical professionals and people that as part of their job duties handle that information.
I could recite someone’s medical history from a soapbox in a public place, but since I’m not bound by HIPAA, it is not a HIPAA infraction.