Intended to keep personal health information private, the law does not prohibit health care providers from sharing information with family, friends or caregivers unless the patient specifically objects. Even if he or she is not present or is incapacitated, providers may use “professional judgment” to disclose pertinent information to a relative or friend if it’s “in the best interests of the individual.”

Hipaa applies only to health care providers, health insurers, clearinghouses that manage and store health data, and their business associates. Yet when I last wrote about this topic, a California reader commented that she’d heard a minister explain that the names of ailing parishioners could no longer appear in the church bulletin because of Hipaa.

Wrong. Neither a church nor a distraught spouse is a “covered entity” under the law.

Last month, Representative Doris Matsui, Democrat of California and co-chairwoman of the Democratic Caucus Seniors Task Force, who has heard similar complaints from constituents, introduced legislation to clarify who can divulge what and under what circumstances. The proposed bill would require the Department of Health and Human Services, which last year issued new Hipaa “guidance,” to make that statement part of its regulations and to create model training programs for providers and administrators, patients and families.

“A lot of times it’s just misunderstanding what is and isn’t allowed under Hipaa,” Representative Matsui said in an interview.

So, what is and isn’t?

Family members can provide information, as Ms. Gray attempted to do. “How does keeping information confidential stop you from listening to someone?” said Eric Carlson, the directing attorney for Justice in Aging, a legal advocacy group in California. “There’s no Hipaa privacy consideration there.”

An assisted living facility or nursing home can report a death. It can also give someone’s general condition and location, assuming the patient remains within the facility. And if, as Ms. Wyvill suggested, residents ask administrators to keep a list of those who want their neighbors to know they’ve gone to a hospital, that’s perfectly legal under Hipaa.

The law gives providers flexibility in disclosing information in the patient’s interest, but it doesn’t require them to. Clinton Mikel, chairman of an American Bar Association group on e-health and privacy, said that providers sometimes decided, “‘We could, but we’re not required to, and we think this situation is a mess, so we’re going to exercise that option.”