Physicians are continuously exposed to new and interesting information about their patients.  It is tempting to chronicle the facts for publication, but aspiring authors should be aware of privacy laws before writing about past medical cases. Physicians can risk lawsuits writing about patients.  In the post-HIPAA era, medical professionals have ethical and legal duties to protect their patients.


Many physicians are knowledgeable on the Health Insurance Portability and Accountability Act, but have little experience with the privacy laws of publishing.  Laws vary amongst the states, but authors referencing prior patients can be sued for a variety of claims including breach of privacy and negligent publishing.  Although not all plaintiffs have a valid claim, the suit could jeopardize the physician’s reputation.  Therefore, aspiring authors interesting in penning both fiction and non-fiction novels should familiarize themselves with current publishing laws.

Breach of Privacy

Refers to published information about a patient’s personal life that has not been previously reported to the public, is not of public concern and the publication of which would be offensive to a reasonable person.


Negligent Publishing

Refers to published material that ends in a reader’s harm or injury.  For example, if a physician writes a book providing physical exercise or medical advice that results in a reader’s harm.


Restricted Identifiers

Federal law prohibits the publication of 18 identifiers about past medical cases without the patient’s authorization.  This information includes, but is not limited to, the patient’s name, facial photograph, dates of treatment, phone number, ZIP code, address and birth date.  HIPAA does not permit the disclosure of these identifiers even if published in a medical journal for educational purposes.  For a list of the remaining identifiers, contact your legal advisor.


Shared Data

Physicians writing for medical journals must also take precautions.  Institutions providing patient data might forget to filter identifiers.  To prevent any suits or claims, the physician should send the data back to the institution and ask them to filter identifying information.


Protect Yourself and Your Patients

The best way for medical professionals to protect themselves when writing about past medical cases is to obtain written permission from the patient.  Writers have ethical and legal obligations regardless of if it is for a medical journal or a novel.  Even with fiction, an author should change all of the patient identifiers to protect themselves as well as the privacy of the subject.


Additional Information

Dexcomm gets HIPAA - get it from us

Prevent your mobile device from causing a HIPAA Violation - get the ebook

For more information on risk in writing about patients, click here.




Dexcomm is a Louisiana-based corporation that provides answering services to businesses and service agencies across the United States. We have been open since 1954, employ a staff of roughly 80 people, and our average client retention rate is 10+ years.

Connect With Us:





Read More About The Author: Dexcomm