Skip to main content Navigation Return to Content

Resources & Information

HIPAA and your rights

Medical Records: A patient’s rights under HIPAA

Anyone who has visited a doctor within the last 25 years has no doubt signed a “HIPAA privacy statement” acknowledging that they have been advised of their rights under the Health Insurance Portability and Accountability Act, or HIPAA. The 1996 law set up standards for the privacy of and access to patient medical records. 

What is the HIPAA Privacy Rule?

The Privacy Rule outlines the specific rights of individuals, medical professionals, hospitals, insurers and other “covered entities” that are subject to HIPAA laws. 

Patient rights include: 

  • The right to see and obtain copies of your medical records
  • The right to request corrections to your medical records
  • The right to limit who can see the information in your medical records, withhold permission for your health information to be used or shared for marketing purposes, receive a statement that discloses how your health information will be used or shared, and be alerted when your health information is shared and with whom
  • The right to have your health information be private and protected
  • The right to file a complaint with your provider, health insurer or with the U.S. Department of Health and Human Services if you believe your HIPAA rights have been violated

Who can lawfully access my health information?

  • Medical providers who access health information in order to provide treatment, consult with treating providers or coordinate medical care
  • Health insurers and medical plans, such as health insurers, company health plans, Medicare & Medicaid
  • Individuals involved in billing and reimbursement of your medical care
  • Designated individuals you have given express permission to receive your health information, such as family members or other loves ones
  • Public health and regulatory agencies (for population health reasons or oversight

Who cannot access my health information?

  • Employers, unless you provide written permission
  • Individuals and organizations involved in marketing, advertising or sales, unless you give written or permission
  • Family members or others to whom you have NOT given express written or oral permission

Related Topics: 

Obtaining copies of medical records
Requesting an amendment/correction to your medical records

popup-image

Latest podcast episode is about violence in the healthcare workplace

Listen Now