What Are Your Rights?

Personal information you give to your doctor is shared with insurance companies, pharmacies, researchers, and employers based on specific regulations. The privacy of your health records is protected by federal law (the Health Insurance Portability and Accountability Act, also known as HIPAA), which:

  • Defines your rights over your health information
  • Sets rules and limits on who is allowed to receive and/or see your health information

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) (1-800-368-1019) is an excellent resource for complete details and advice about the HIPPA ruling. Along with fact sheets and educational materials.

You can request a copy of your medical records from the provider or from the hospital where medical services were provided. You will probably be charged a fee to cover retrieving and mailing copies to you.

If you believe that a person, agency, or organization covered under the HIPAA Privacy Rule violated your health information privacy rights or committed another violation of the Privacy Rule, you may be able to file written complaints with the Department of Health and Human Services, Office for Civil Rights.

Back to Top

What Steps Should You Take?

Know your rights and exercise them. Here are some steps you should take to ensure the accuracy and privacy of your medical information:

  • Talk with your doctor about confidentiality concerns. Discuss the uses of your health information and what is required for insurance purposes.
  • Read the fine print. Most authorization forms contain clauses allowing information to be released. You may be able to restrict some disclosures by revising the form. Hint: Be sure to initial and date your revisions.
  • Request a copy of your medical records so you know what's in them.
  • Register your objections to disclosures that you consider inappropriate. Contact the specific entity involved, state office, or the Department of Health and Human Services.
  • Be cautious when providing personal information for "surveys," health screenings, or "sweepstakes" or on a health web sites. Be sure to check their privacy policy, ask how the information will be used and who will have access to it.

Back to Top

Medical ID Theft

Medical identity theft can occur when someone steals your personal information number to obtain medical care, buy medication, or submit fake claims to your insurer or Medicare in your name. To prevent medical identity theft, you can:

  • Guard your Social Security, Medicare, and health insurance identification numbers. Only give your number to your physician or other approved health care providers.
  • Review your explanation of benefits or Medicare Summary Notice to make sure that the claims match the services you received. Report questionable charges to your health insurance provider or Medicare.
  • Request and carefully review a copy of your medical records for inaccuracies and conditions that you don’t have.

If you believe you have been a victim of medical identity theft, file a complaint with the FTC at 1-877- 438-4338 or and your health insurance company’s fraud department. If you suspect that you have been the victim of Medicare fraud, contact the U.S. Department of Health and Human Services’ Inspector General.

Back to Top