Under a federal law known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), hospitals and doctors are required to protect the privacy of their patients’ medical information. This even includes not discussing medical information with a patient’s family. HIPAA rights can, however, be waived by the patient. Such a waiver can be provided formally—by a written document—or informally, as when a patient brings family members with them to a doctor’s appointment and doesn’t object when a family member asks for information about the patient. If a patient is incompetent, however, doctors will disclose medical information to the patient’s guardian, health care agent, or health care representative without seeking the patient’s prior approval.