Keep Your Private Medical Records Private
Talk with your doctor about confidentiality concerns
Personal information you give to your doctor is shared with insurance companies, pharmacies, researchers, and employers based on specific regulations.
The privacy of your health records is protected by federal law (the Health Insurance Portability and Accountability Act, also known as HIPAA), which:
- Defines your rights over your health information
- Sets rules and limits on who is allowed to receive and/or see your health information
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) (1-800-368-1019) is an excellent resource for complete details and advice about the HIPPA ruling. Along with fact sheets and educational materials, the OCR also provides a listing of resources for consumers, providers and advocates. If you believe that a person, agency or organization covered under the HIPAA Privacy Rule violated your health information privacy rights or committed another violation of the Privacy Rule, you can file written complaints with OCR.
The Medical Information Bureau (MIB) is a data bank used by insurance companies that collects and shares information. You can request a copy of your file to be sure the information is accurate by writing to:
50 Braintree Hill Park, Suite 300
Braintree, MA 02184-8734
or call toll-free 1-866-692-6901 (TTY: 1-866-346-3642).
There is a fee to obtain a copy of your file.
If you believe that a person, agency, or organization covered under the HIPAA Privacy Rule violated your health information privacy rights or committed another violation of the Privacy Rule, you may be able to file written complaints with the Department of Health and Human Services, Office for Civil Rights.
Protect your medical information
Know your rights and exercise them. Here are some steps you should take to ensure the accuracy and privacy of your medical information:
- Talk with your doctor about confidentiality concerns. Discuss the uses of your health information and what is required for insurance purposes.
- Read the fine print. Most authorization forms contain clauses allowing information to be released. You may be able to restrict some disclosures by revising the form. Hint: Be sure to initial and date your revisions.
- Request a copy of your medical records so you know what's in them.
- Register your objections to disclosures that you consider inappropriate. Contact the specific entity involved, state office, or the Department of Health and Human Services.
Medical identity theft
Medical identity theft, a twist on traditional identity theft, happens when someone steals your personal information. Like traditional identity theft, medical ID theft can affect your finances, but it also can take a toll on your health. Some ways you might detect medical ID theft include:
- You get a bill for medical services you did not receive.
- A debt collector contacts you about a medical debt you don't owe.
- You find medical collection notices on you don't recognize on your credit report.
- Your health plan says you've reached your limit on benefits when you know you haven't.
- You are denied insurance because your medical records show a condition you don't have.
If you believe that a person, agency, or organization covered under the HIPAA Privacy Rule violated your health information privacy rights or committed another violation of the Privacy Rule, you may be able to file a written complaint with the Department of Health and Human Services, Office for Civil Rights.