Obviously like prescriptions are different to ensure safety and dosages and such. I mean like the notes to show that you or your child actually went to the doctor. Has anyone ever called like “hi, yeah so I just wanted to confirm my employee John saw your employer yesterday and confirm they are a real doctor”
I can’t imagine any manager actually has enough free time and enough pettiness to actually do that, am I wrong?
There are quite a few exceptions built into HIPAA. I’m sure there would be something as you describe, but also there are things like if a crime occurred on the premises of the provider (or whatever) and they think they recognize the person in their security footage as a patient, they can give that information to law enforcement (as one would expect with non-healthcare organizations).
Another is that if someone is talking with a patient in a double room with only a curtain separating, someone overhearing the conversation is considered incidental and not a HIPAA violation