How Private Is Your Medical Info?

10 things you should know about what can — and can't — be shared

You don't need to be a celebrity to have valid concerns that your medical records might be stolen or read by others. Over the past three years, almost 21 million patients have had their medical records exposed in data security breaches, according to the Department of Health and Human Services.

The Health Insurance Portability and Accountability Act (HIPAA), a federal law that sets a national standard for privacy, provides limited privacy for medical records maintained by health care providers, health plans and health clearinghouses, but a good deal of medical information falls outside the protection of this law.

Know your rights about privacy laws and find out who can and can't access your medical records. — Photo by Patrick van Katwijk/DPA/Corbis

Here are answers to 10 questions you may have about privacy laws concerning your medical information.

1. Who can get access to my medical information?

A. Whoever is providing your care, as well as the organizations funding that care. And, sometimes, the government.

Doctors, nurses and hospitals need to share your information to ensure that you're getting the proper treatment and meds, and that none of those treatments conflict. Insurance companies require the same information to verify claims. Government agencies may request medical records to verify claims made through Social Security, disability and workers' compensation. The government can also get access to your medical information for public health purposes, such as reporting diseases and collecting vital statistics, and to make required reports to law enforcement.

2. Does my employer have access to my medical records or insurance claims?

A. Absolutely not. HIPAA prohibits employers from accessing patient records or insurance claims because it could result in discrimination. If an employer wants to see any of your medical information, the employer would need to receive your written permission. Under HIPAA, your supervisor or human resource officials can request a doctor's note or information about your health only if needed to administer sick leave, workers' compensation, wellness programs or health insurance.

3. What rights do I have to access and control my health information?

A. Health insurers and providers must make your health records available to you upon request, allow you to copy the records and make corrections. Insurers and providers have an obligation to tell you how your health information may be used or shared. Even if you undergo genetic testing, federal regulations make that information subject to the same privacy protections of HIPAA. A 2008 federal law prohibits employers from denying you a job or firing you, and health insurers from refusing coverage, based on genetic information.

If you believe your rights have been violated, you can file a complaint with your provider or health insurer or with the U.S. Department of Health and Human Services.

4. Can family members see my medical records?

A. It depends. Although federal law does not prohibit ordinary health care practices — such as hospital staff discussing your condition and your treatment options with family members, or picking up a prescription for a relative — you must give written permission for your loved ones to see your official medical records. By designating family members as your "personal representative" in a signed letter or form, you give the health care providers the coverage they require to avoid HIPAA violations. So it's a good idea for you and aging parents — or adult children — to designate one another as personal representatives in case the need arises.

5. Is my health information vulnerable because of widespread use of electronic medical records?

A. Electronic medical records (EMRs) provide health care providers with quick access to your information and a real-time tool to improve the quality of health care, as well as prevent medical errors and increase administrative efficiencies. In spite of their convenience, EMRs may make it harder to protect your privacy; when information is communicated electronically, there is always potential for security breaches. But keep in mind that providers of EMRs are laser-focused on these dangers, making EMRs more reliable and less vulnerable than an open chart left on a hospital counter.
