Yes. The HIPAA Privacy Rule gives you the right to inspect, review, and receive a copy of your health and billing records that are held by health plans and health care providers covered under HIPAA.
Your State may also have laws that give you rights to see and copy your medical records. If there is a difference between State and Federal law, your provider must follow the law that gives you the most rights.
Yes. You have a right to receive an "accounting of disclosures," which is a list of certain instances when your health care provider or health plan has shared your health information with another person or organization. There are some major exceptions to this right. Currently, an accounting of disclosures does not include information about when your health care provider or health plan shares your information with another person or organization for treatment, payment, or health care operations.
Yes. You can ask your health care provider or your health plan to correct your health record by adding information to it to make it more accurate or complete. This is called the "right to amend." For example, if you and your hospital agree that your record has the wrong result for a test, the hospital must change it. If you and your health provider or health plan do not agree that an amendment is necessary, you still have the right to have your disagreement noted in your record. In most cases, your record should be changed within 60 days, but the provider can take an extra 30 days if they provide you a reason.
Yes. You can learn how your health information is used and shared by your provider or health insurer. They must give you a notice that tells you how they legally may use and share your health information and how you can exercise your rights. In most cases, you should get this notice on your first visit to a provider or in the mail from your health plan, and you can ask for a copy at any time. This is the document that providers often ask for you to sign to indicate that you have received it.
Yes. If you believe your information was used or shared in a way that is not allowed under the HIPAA Privacy Rule, or if you were not able to exercise your health information rights, you can file a complaint with your provider or health insurer. The privacy Notice you receive from them will tell you how to file a complaint. You can also file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights or your State's Attorneys General Office.
Yes. The HIPAA Privacy Rule sets a Federal "floor" of privacy protections — a minimum level of privacy that health care providers and health plans must meet. Many States have health information privacy laws that have additional protections that are above this floor. In addition, even though HIPAA is a Federal law, State Attorneys General have been given the authority to enforce HIPAA.
Learn more about:
For additional information, see the HHS Office for Civil Rights.