The Health Insurance Portability and Accountability Act (HIPAA), which was passed by Congress in 1996, specifies who has access to your medical records and personal health information. Access to your own personal medical records is guaranteed under HIPAA privacy rights. This law set limits on the use and release of medical records, and established a series of privacy standards for healthcare providers.
Under HIPAA privacy rights, patients have the right to know how their computerized medical records are used and providers are required to seek patient permission before disclosing their personal health information to third parties in most circumstances. Patients can read about all of their HIPAA privacy rights on the Department of Health & Human Services website.
Note that there are exemptions to HIPAA privacy rights under certain circumstances. In addition, life insurers, employers and some school districts are exempted from these laws. Government agencies such as Medicare or the Social Security Administration may examine your medical records for purposes of establishing eligibility for certain programs.
The Medical Information Bureau (MIB) is an information exchange between member insurance companies of brief, coded health information of underwriting significance taken from the underwriting of previous applications for life and health insurance coverage. MIB does not access an individual’s medical records. MIB information is obtained with an applicant’s consent and is used to protect insurers against errors, omissions and misstatements in an applicant’s health statements. Under the Fair Credit Reporting Act (FCRA), consumers can obtain one free disclosure annually of their MIB record. Unless you have applied for life and health insurance in the past seven years, you will not have an MIB record. For more information about the MIB, visit MIB’s website.
As for any type of information, your electronic patient records can be released if ordered by a court or by health agencies or law enforcement agencies with a valid subpoena or legal order, and may be required in certain situations. In most states, medical records showing treatment for gunshot wounds, for medical treatment related to sexual attacks, and for cases where domestic violence is suspected, must be submitted to the proper authorities.
Your healthcare providers in their discretion may also release medical records without your written authorization in the following circumstances, among others: to insurance companies for purposes of processing health insurance coverage, billing or claims management; to professional societies and research organizations who are reviewing health care providers or doing medical research; to employers if they are evaluating workers compensation claims.
Confidentiality issues under a patient’s HIPAA privacy rights regarding medical records is a complex area. The US Department of Health and Human Services has an overview of who has the right to access to your records. In addition, it is advisable to speak directly to your health care providers about this important topic.