The Privacy And Security Of Your Medical Records

Get Your
Medical Records

1Complete a simple secure form
2We contact healthcare providers on your behalf
3Have a National Medical Records Center send your records as directed


Related Tags

Article Info

Reviewed by
Last updated:

The Privacy And Security Of Your Medical Records

You have the right to privacy and security of your health information. Your medical and health information is deeply personal, and a failure to protect it potentially exposes you to medical identity theft. The federal Health Insurance Portability and Accountability (HIPAA) law serves to help you protect your personal health information (PHI).

Images, test results, medications, and other data are kept electronically by doctors and hospitals. This makes it possible for them to view the data. Doctors have a responsibility to protect their patients’ information and confidentiality. Patient information security outlines the steps doctors must take to guard your “protected health information” (PHI) against unauthorized access or breaches of privacy/confidentiality. Keeping the integrity of electronic medical information is called security. It makes sure that the data and images are accessible to those who need them. The federal government regulates electronic media and PHI management through the Health Insurance Portability and Accountability Act.

HIPAA & Laws on Medical Records

HIPAA establishes three primary issues in regards to your medical records:

  • The privacy rule protects the privacy of individually identifiable health information.
  • The security rule sets national standards for the security of protected health information.
  • The patient safety rule protects identifiable information being used to analyze patient safety events and improve patient safety.

With some exceptions, medical information that can personally identify you can not be disclosed. Those providing medical care can disclose your information to other parties if they believe it is required for proper medical care. Those paying for your health care or health insurance, like your employer or insurance company, can view parts of your medical record relevant to making payment decisions.

Depending on your state’s law, you have the right to file a lawsuit if there is an invasion of privacy or patient confidentiality.

Privacy Concerns About Your Medical Records

Medical providers and medical plans have access to and hold onto your medical records. They may transfer your records to other plans or providers if requested with your consent. Employers who provide medical plans or are medical providers can only access your medical records as far as it concerns overpayment. You may request a copy of your medical records from your employer or provider. Note that they cannot charge for obtaining your records, though they may charge for the process of delivering the records (such as copying, database use, etc.) The HIPAA regulates that only you and a personal representative of your choice may obtain and view your medical records. Personal representatives include attorneys who can make medical decisions for you as a legal representative and parents/guardians of children. The only exception to forbidding a personal representative from viewing your records is if a personal plan or provider reasonably believes that doing so may endanger the patient in situations of domestic abuse, violence, and neglect.

Additional Things to Know About the Privacy of Medical Records

  • If you are looking to switch health insurance providers, your new provider can not access your medical records to determine your coverage or rate
  • Your health information may be used for research, but your name cannot be released
  • Your prescription drug information can be given to pharmaceutical companies anonymously
  • Debt collectors can access information regarding unpaid medical bills, but not specific treatment information
  • You and those you authorize can be provided with a copy of your records when you perform a record request

What if My Patient Privacy has been Violated?

If you think that your medical records privacy rights have been violated, you can file a complaint with the Department of Health and Human Services.

To file a complaint with the Department of Health and Human Services, you can either:

  • Call 1-800-406-9394 for more information.
  • File a complaint online or by writing the following to the Office for Civil Rights: U.S. Department of Health and Human Services 200 Independence Avenue S.W., Room 509F HHH Building Washington D.C., 20201 Mail Code 4510B Washington, DC 20202 (Please be sure to note that your inquiry is about medical records privacy rights).

Electronic Medical Records Systems

Electronic medical records are used much more frequently nowadays with the widespread use of internet technology. Security measures for your health records are provided by HIPAA so far as medical providers and plans are concerned. While most healthcare providers provide plenty of adequate security standards for electronic records, data breaches can and do happen from time to time. HIPAA gives you the right to access your medical records for you to keep safely.

Security Concerns About Your Medical Records

Maintaining the security of your medical records is vital in maintaining both your patient privacy and health intact. While the HIPAA seeks to establish rules and regulations for privacy and security, it does not guarantee either. It does provide limited privacy protections for covered entities like health care providers, health plans, and healthcare clearinghouses that transmit information electronically.

While HIPAA seeks to provide some relief for your medical records, it does not provide any protection of financial records, education records, or employment records. This is important to mention as these documents are very closely tied with medical records and may provide backdoor access to parts of or the entirety of your medical records. As such, the security of medical records is minimal at best, but you may seek to maintain these other records’ privacy to protect your valuable medical information.