FAQ: Medical Records and Your Legal Rights
What is HIPAA?
HIPAA stands for the Health Information Portability and Accountability Act, a federal law enacted in 1996. The law has provisions governing health insurance and medical records.
The HIPAA Privacy Rule is the portion of the HIPAA law that governs the handling of medical records. It requires medical providers and other entities to protect the confidentiality of medical records. It also gives patients the right to obtain a copy of their medical records.
What entities are governed by HIPAA?
HIPAA applies to virtually all medical providers — including doctors, hospitals, pharmacies, health plans and nursing homes — that accept private insurance, Medicaid or Medicare. HIPAA also governs entities that process insurance claims and/or transmit payment information. Free health clinics are among the few medical providers that may not be governed by HIPAA.
What personal medical records may you obtain?
Almost all of them, although there are a few narrowly defined exceptions. You have a right to a copy of your patient information, medical history, examination and test results, treatment received, medicine prescribed and doctor’s notes. In addition to medical records, providers must provide a copy of your billing records upon request. Psychotherapy notes are not covered. If a provider denies your request for records, the provider must state the denial in writing.
How quickly must a provider provide requested medical records?
In most cases providers must provide a copy of requested medical records within 30 days. A 30-day extension is permitted for “good reason.”
What can a medical provider charge for providing copies of medical records?
A medical provider may charge a reasonable fee for copying and mailing. The provider cannot charge a fee for searching or retrieving records.
What should you do if you find incorrect information in your medical records?
The HIPAA Privacy Rule gives a patient the right to amend incorrect information in one’s medical records. If you find an error, you should submit a request in writing for the record to be corrected. The medical provider or health plan must respond to your request. The provider must either correct the information or add your statement of disagreement to your record.
In addition to your own records, whose medical records may you access?
You may have the right to access the medical records of:
• Someone who has designated you as their representative. For example, many senior adults designate their adult children as representatives.
• Someone who has given you written permission to access their records.
• The records of your children and anyone else for whom you are a legal guardian.
• In some cases, the records of a deceased person; for example, if you are managing someone’s estate.
Who has legal access to your medical records?
Only you or your designated representative has the right to access your medical records. Also, a medical provider may send copies of your records to another provider as needed for treatment or payment or as authorized by you.
Do you have a right to know who has gained access to your medical records?
Yes. HIPAA requires providers to maintain a list of disclosures going back six years and to make the list available to you upon request. When an entity accesses your medical information as part of giving you treatment or billing you, it is not required that that disclosure be included on the list.
Do debt collectors have a right to information about your unpaid medical bills?
For More Information
For more information about the laws governing medical records, see the excellent website of Georgetown University’s Center on Medical Record Rights and Privacy. That website includes a section called: “Your Medical Record Rights in Oklahoma.”