STD Status Privacy Protection & Laws

Government policies are in place, specifically, to enforce the handling and distribution of any communication that contains PHI, to protect both the individual’s information and the entity that stores it. There are certain situations where the status of an STD infection is required to be reported for public health and safety purposes. However, while the instance of infection can certainly be reported as a statistical occurrence to the CDC (Center of Disease Control and Prevention), the WHO (World Health Organization), or other public health and census entities, information that can identify an individual associated with an STD status cannot be shared with the general public.

You have rights, as an individual, to have your PHI (personal health information) safeguarded by any company, service, or medical provider

To learn more about the STDAware Privacy Promise, click here.

Personal Privacy

There are three foundational concepts underlying “Personal Privacy” when it comes to healthcare information. They are confidentiality, privacy, and security.

  • Confidentiality is the professional standard for a healthcare provider to keep health information confidential as is supported by the code of ethics.
  • Privacy is finding a balance of permitting access and use of a person’s personal information, while at the same time protecting the privacy of that individual. An example would be the sharing of medical records with a third party such as another medical professional, an approved partner, spouse, or power of attorney.
  • Security addresses the technical and administrative safeguards of personal privacy. In the past “security” was more of a physical component, keeping health records under lock and key. But with the evolution and transfer to electronic health record systems, new, specific, electronic health record standards are required as set forth by HIPAA.

(HIPAA) Health Insurance Portability and Accountability Act

The United States Department of Health and Human Services (HHS) issued the Privacy Rule to establish the Health Insurance Portability and Accountability Act (HIPAA) in 1996. The Privacy Rule is designed to ensure that individuals’ health information is protected, allowing only the required personal health information to be shared with the proper healthcare parties. All forms of individual identifiable health-related information, whether electronic, paper, or verbal, is protected under this rule.

HIPAA regulations apply to any “covered entity” such as health plan and healthcare providers, health care clearinghouses, as well as third party and independent companies and contractors such as lawyers, accountants, IT specialists or companies that handled PHI while helping to administer health plans or health claims, etc.

The HIPAA privacy rule was established to assist in strengthening people’s personal privacy rights, as well as giving individuals more control over their health information and how it is shared, by setting boundaries on the use of their records. This enables patients to make more informed choices and, generally, the right to obtain a copy of their records and testing results (HHS, 2013).

HIPAA violators are held accountable with civil and criminal penalties. Criminal violation penalties can range from facing a fine of $50,000 and a year of imprisonment to $250,000 and imprisonment of up to 10 years. The civil penalty structure is tiered and depends upon the nature and extent of the harm of the violation (AMA, 2018).

Civil Penalty Tier:

  • Unknowing: Minimum penalty $100 per violation, with an annual maximum of $25,000 for repeat violations. Maximum penalty $50,000 per violation, with an annual maximum of $1.5 million.
  • Reasonable Cause: $1,000 per violation, with an annual maximum of $100,000 for repeat violations. Maximum penalty $50,000 per violation, with an annual maximum of $1.5 million.
  • Willful neglect but violation is corrected within the required time: $10,000 per violation, with an annual maximum of $250,000 for repeat violations. Maximum penalty $50,000 per violation, with an annual maximum of $1.5 million.
  • Willful neglect and is not corrected within required time: $50,000 per violation, with an annual maximum of $1.5 million. Maximum penalty $50,000 per violation, with an annual maximum of $1.5 million.

Challenges will always exist in the health information sector but strides have been made to ensure that anyone or any entity that handles PHI maintains respectful and responsible work standards. Combined with the individual’s ability to act as their own advocate under HIPAA for privacy and rights regarding their private health information, the ability to control how health information is distributed is a high priority for companies and governing bodies (UIC, 2014).

To learn more about your rights under HIPAA, visit:

While privacy protection is a legal standard there are certain instances where there is a legal obligation to report active STD infections to various entities.

Public Health Safety & STD Reporting

Depending on the State or County in which you live, certain STDs are considered public health and safety hazards and medical professionals are required to report the instances of infection with government officials, the CDC (U.S. Centers for Disease Control and Prevention), and other census entities. However, personal information, meaning identification, should not be tied to an STD diagnosis when it is reported and should only be reported for statistical purposes.

While STD reporting for statistical purposes will be scrubbed of any identifying information, there are some laws in place that require additional reporting and disclosure for public health and safety reasons. Each of the U.S. states has its own laws mandating the disclosure of HIV or other STD status prior to any kind of sexual activity. 24 states have implemented HIV criminal exposure laws, requiring people who know that they are HIV positive to disclose their status before any sexual activity with a new partner takes place. 14 states require disclosure of HIV status to needle-sharing partners. Some states have established more in-depth laws than others. In the majority of states, it is considered either a misdemeanor or felony to knowingly expose someone else to an HIV or STD infection. The sentencing and penalties for knowingly exposing or infecting another individual can result in formal indictment and penalties such as prison, fines, restitution, probation, or sex offender registration (NOLO, 2018).

State Laws For Reporting STD Status


  • Informed Consent: The requirement that any person who is aware that they are infected with an STD or HIV must tell their sexual partner(s) prior to sexual engagement.
  • Counseling: A partner-notification law, which requires healthcare providers to inform any known HIV positive person’s sex or needle-sharing partner(s).
  • Laboratory HIV Reporting: The requirement for any testing lab or clinic to report positive HIV results to the State Health Department. This allows each city and state to monitor the HIV statistics. The state’s health department will remove all identifying information and share the results for statistical purposes with the CDC. The CDC does not share the information with anyone else and only uses it to track all national public health trends.

The list below reflects the current, specific laws around HIV and STD exposure in each state (CDC, 2018).

  • Alabama: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Arizona: Arizona law makes it a misdemeanor offense for people infected with an STD to knowingly expose others to that disease. It is a broad law that encompasses any type of infectious disease, not just STDs.
  • Arkansas: Informed Consent, Counseling & Laboratory HIV Reporting.
  • California: California has three criminal laws specifically addressing STDs. Willful Exposure-anyone who has any kind of infectious disease commits a misdemeanor offense when he/she exposes it to others. Donating tissue-it is a felony offense if one who is knowingly infected donates bodily materials. Sexual Intercourse-it is a crime to engage in unprotected sexual activities with someone else if one is knowingly infected with HIV.
  • Colorado: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Connecticut: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Delaware: Informed Consent, Counseling & Laboratory HIV Reporting.
  • District of Columbia (Washington DC): Laboratory HIV Reporting.
  • Florida: Florida has several criminal laws that criminalize specific types of conduct: sexual intercourse, prostitution, prostitution with HIV, and criminal transmission of HIV. The penalty one will receive depends on the individual crime charged.
  • Georgia: Unlike other states, Georgia’s criminal STD laws apply to a small number of STDs. Only activities associated with HIV or hepatitis will result in a conviction of an STD crime.
  • Hawaii: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Idaho: Laboratory HIV Reporting.
  • Illinois: Illinois’ STD law only specifically targets HIV and not other STDs.
  • Indiana: In this stat, passing certain STDs to other is a crime. Depending upon the circumstances of the case, it will either be a felony or misdemeanor offense.
  • Iowa: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Kansas: Laboratory HIV Reporting.
  • Kentucky: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Louisina: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Maine: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Maryland: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Massachusetts: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Michigan: It is a crime in Michigan for a person who knows (meaning in Michigan “diagnosed”) he or she has HIV to have sexual activity with another person or donate blood without disclosing that information. Other STDs are not included in this law, yet it is still considered reckless behavior resulting in possible charges of assault.
  • Minnesota: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Mississippi: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Missouri: Counseling & Laboratory HIV Reporting.
  • Montana: It is regarded as a misdemeanor for anyone who knows that he or she is infected with any STD or HIV to expose another person.
  • Nebraska: A person who transmits a sexually transmitted disease (STD) to another person in Nebraska may be charged with a crime under Nebraska’s assault or attempted murder statutes.
  • Nevada: It is a crime to expose another person to HIV or any other communicable (contagious) diseases in Nevada.
  • New Hampshire: Informed Consent, Counseling & Laboratory HIV Reporting.
  • New Jersey: In New Jersey, it is a felony for someone who knowingly has HIV, chancroid, gonorrhea, syphilis, or herpes to expose another person through sexual contact.
  • New Mexico: In New Mexico a person who knowingly exposes someone else to an STD will be charged under Mexico’s battery laws.
  • New York: In New York, it is a misdemeanor for any person who knows that he or she is infected with an STD to have sexual intercourse with another person.
  • North Carolina: People who know they are infected with HIV can be convicted of a crime if they fail to use condoms or inform their sex partners. Additionally, those who are infected with other STDs and expose others can be charged with assault.
  • North Dakota: North Dakota does not specify particular STDs but stipulates that individuals will be criminally charged if he or she knowingly exposes another person.
  • Ohio: People who know they are infected with HIV and engage in sexual activity, bite or spit on someone can be charged with criminal exposure. Those knowingly infected with other STDs and expose others could be charged with assault.
  • Oklahoma: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Oregon: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Pennsylvania: Pennsylvania does not have specific laws that criminalize the transmission of STDs. Instead, the state’s general law is used for those convicted of reckless endangerment.
  • Rhode Island: Informed Consent, Counseling& Laboratory HIV Reporting.
  • South Carolina: Laboratory HIV Reporting.
  • South Dakota: Laboratory HIV Reporting.
  • Tennessee: It is a felony for a person who knows he or she is infected with HIV, hepatitis B or hepatitis C to engage in sexual contact, donate blood or organs or share needles. Additionally, it is considered a crime to expose another to any STD.
  • Texas: In Texas, a person who knows that they are infected with HIV/AIDS and intentionally exposes another person to the disease may be charged with assault with a deadly weapon, or with attempted murder.
  • Utah: Laboratory HIV Reporting.
  • Vermont: Laboratory HIV Reporting.
  • Virginia: In Virginia, it is a crime for a person who knows he or she has HIV, syphilis, or hepatitis B to engage in sexual contact.
  • Washington: Washington has three varying laws regarding STD transmission: Criminal exposure to HIV is a felony assault, exposing another to an STD is a crime, and exposing another to a contagious disease is also a crime.
  • West Virginia: Informed Consent, Counseling & Laboratory HIV Reporting.
  • Wisconsin: Informed Consent & Counseling.
  • Wyoming: Laboratory HIV Reporting.

With over 4,000 testing laboratories, nationwide, STDAware makes getting tested convenient and accessible. To find an STDAware testing center near you, click here.

In general, the laws protecting people from STD and HIV exposure apply to known and intentional exposure to an unknowing/unaware sexual partner. And do less to minimize the risk of infection from individuals who do not know that they are infected with an STD. Many STDs are “silent,” meaning that the disease can persist in the body without any outward symptoms and consequently infect multiple people before the STD is caught.

The importance of routine STD testing cannot be overstated. The only way to know if you have an STD is to get tested. Even if you are experiencing symptoms, the only way to identify and follow up with treatment is through testing and diagnosis. Additionally, early identification is crucial to the successful treatment and management of any STD. Chronic infections of chlamydia and gonorrhea have been linked to severe medical complications including infertility, certain forms of cancer, and even death. More alarmingly, if a gonorrhea infection is not adequately addressed in a timely manner, the disease can become resistant to treatment and unable to be cured.

STDAware offers the fastest turn around for test results in the industry. To find out more about how quick and easy testing at STDAware can be, click here.


Medical experts and the CDC advise that any sexually active individual, who is not in a long-term, mutually monogamous relationship, should be tested for STDs anytime there is a change in sexual partners or habits.

Requesting that any new partners are tested for STDs at the same time is a strong defense against STD infection. This allows any STD to be treated or cured before sexual activity occurs, in the event that one or both partners are infected with an STD.

STDAware offers post-test medical consultations at no charge, to anyone who is tested by STDAware and tests positive for having an STD. Some clients will qualify for a no-cost treatment option. To find out more about these free services, click here.

You are your best and only defense against STD infection. Take charge of your sexual health and well-being by getting tested, today! Click here to learn more about getting tested at STDAware.

How STDAware Protects You – We Keep Your Private Parts, Private!

STDAware takes extra steps in proven methods to ensure that your information is protected. All STDAware services, information, and testing results are 100% private and secure.

STDAware strictly adheres to federal, state, and local law, as well as upholds the HIPAA compliance rules and regulations. We use the state of the art Norton Symantec Secure Site Pro 256-bit Extended Validation SSL certificate issued by DigiCert and secured with SHA256 elliptical curve cryptography. Which means any data shared between STDAware servers and client computers, such as identification, medical records, and billing data, is secure, private, and confidential. Users can rest assured that their information is kept safe and is never shared.

Norton icons b8c70d784d4614baeb64f27c05505f15e0f1ca5a4f0707e68200efd79b44fc51 is also certified by McAfee Secure, which means that our site is tested and certified as being free of “malware, viruses, phishing attacks, and other things that can harm you and your computer” (McAfee, 2018). Additionally we offer up to $100,000 identity protection for all of our patients and customers.

Mcafee 91a2c9fc8fadf909e889a9b07b0201f6c2d925b3cfc74407d909fe033e68bca6

With a team of security experts monitoring our data, clients and patients at STDAware have one less thing to worry about when it comes to their privacy.

To learn more about the STDAware Privacy Promise, click here.


U.S. Department of Health & Human Services (HHS)

American Medical Association (AMA)

University of Illinois at Chicago (UIC)

Criminal Defence Lawyer Published by NOLO

Centers for Disease Control and Prevention (CDC)


STDAware © 2017 | All Rights Reserved