You don't need to be a celebrity to have valid concerns that your medical records might be stolen or read by others. Over the past three years, almost 21 million patients have had their medical records exposed in data security breaches, according to the Department of Health and Human Services.
The Health Insurance Portability and Accountability Act (HIPAA), a federal law that sets a national standard for privacy, provides limited privacy for medical records maintained by health care providers, health plans and health clearinghouses, but a good deal of medical information falls outside the protection of this law.

Here are answers to 10 questions you may have about privacy laws concerning your medical information.
1. Who can get access to my medical information?
A. Whoever is providing your care, as well as the organizations funding that care. And, sometimes, the government.
Doctors, nurses and hospitals need to share your information to ensure that you're getting the proper treatment and meds, and that none of those treatments conflict. Insurance companies require the same information to verify claims. Government agencies may request medical records to verify claims made through Social Security, disability and workers' compensation. The government can also get access to your medical information for public health purposes, such as reporting diseases and collecting vital statistics, and to make required reports to law enforcement.
2. Does my employer have access to my medical records or insurance claims?
A. Absolutely not. HIPAA prohibits employers from accessing patient records or insurance claims because it could result in discrimination. If an employer wants to see any of your medical information, the employer would need to receive your written permission. Under HIPAA, your supervisor or human resource officials can request a doctor's note or information about your health only if needed to administer sick leave, workers' compensation, wellness programs or health insurance.