Protect Your Medical Records

Personal information you give to your doctor is shared with insurance companies, pharmacies, researchers, and employers based on specific regulations. The privacy of your health records is protected by federal law (the Health Insurance Portability and Accountability Act, also known as HIPAA), which:

  • Defines your rights over your health information
  • Sets rules and limits on who is allowed to receive and/or see your health information

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) (1-800-368-1019) is an excellent resource for complete details and advice about the HIPPA ruling. Along with fact sheets and educational materials, the OCR also provides a listing of resources for consumers, providers and advocates.

You can request a copy of your medical records from the provider or from the hospital where medical services were provided. You will probably be charged a fee to cover retrieving and mailing copies to you.

If you believe that a person, agency, or organization covered under the HIPAA Privacy Rule violated your health information privacy rights or committed another violation of the Privacy Rule, you may be able to file written complaints with the Department of Health and Human Services, Office for Civil Rights.

Protect Your Medical Information

Know your rights and exercise them. Here are some steps you should take to ensure the accuracy and privacy of your medical information:

  • Talk with your doctor about confidentiality concerns. Discuss the uses of your health information and what is required for insurance purposes.
  • Read the fine print. Most authorization forms contain clauses allowing information to be released. You may be able to restrict some disclosures by revising the form. Hint: Be sure to initial and date your revisions.
  • Request a copy of your medical records so you know what's in them.
  • Register your objections to disclosures that you consider inappropriate. Contact the specific entity involved, state office, or the Department of Health and Human Services.
  • Be cautious when providing personal information for "surveys," health screenings, or "sweepstakes" or on a health web sites. Be sure to check their privacy policy, ask how the information will be used and who will have access to it.

Medical Identity Theft

Medical identity theft, a twist on traditional identity theft, happens when someone steals your personal information. Like traditional identity theft, medical ID theft can affect your finances, but it also can take a toll on your health. Some ways you might detect medical ID theft include:

  • You get a bill for medical services you did not receive.
  • A debt collector contacts you about a medical debt you don't owe.
  • You find medical collection notices on you don't recognize on your credit report.
  • Your health plan says you've reached your limit on benefits when you know you haven't.
  • You are denied insurance because your medical records show a condition you don't have.

If you believe that a person, agency, or organization covered under the HIPAA Privacy Rule violated your health information privacy rights or committed another violation of the Privacy Rule, you may be able to file a written complaint with the Department of Health and Human Services, Office for Civil Rights.