How Private Are Medical Records?


Medical Records & Privacy

Most Americans consider medical records to be confidential documents, especially with the advent of the Health Insurance Portability and Accountability Act (HIPAA), which was implemented as part of federal law in 2003. HIPAA, however, applies only to personal medical information maintained by health care providers, health plans, and health clearinghouses, and only in certain circumstances.

In reality, a great deal of medical information exists outside of these facilities, and thus falls beyond the reach of HIPAA. While state laws may operate to protect some of this medical information, many people have a false sense of security with respect to the privacy of their medical records and medical information.

Financial Statements

Medical information contained in financial statements is an example of information that may fall outside the purview of HIPAA. Bank statements, checking account statements, and credit card statements may contain information about where you received medical care or treatment and even what type of treatment you received. Unpaid medical bills may be turned over to collection agencies and reported to credit reporting agencies as debts that you owe.

This medical information is not covered by HIPAA and may be shared among different entities without your knowledge or consent. The Fair Credit Reporting Act (U.S. Consumer Finance) places certain limits on the way this information can be used when you are applying for a loan or any type of credit, but the fact remains that the lender may have some access to your medical information.

Educational Records

Educational records may also contain medical information that is not protected by HIPAA. Your child’s school record likely contains immunization records, including the dates that the immunizations were administered and the identity of the healthcare provider who administered them.

Educational records may also contain physical examinations completed for sports as well as counseling or psychiatric records related to school behavior or misconduct, or records of visits with the school nurse or school counselor. These records are subject to privacy regulations under the Family Educational and Privacy Rights Act, but are not subject to HIPAA.

Employment Records

Employment records are another common source of medical information. In order to maintain insurance coverage through your employer, you may be required to submit to certain health and wellness screenings, the results of which may be kept in your employment file. Additionally, your insurance company may require you to provide certain medical information if you wish to obtain life insurance or disability insurance coverage.

Likewise, if you are seeking to exercise your right to take leave from employment pursuant to the Family and Medical Leave Act (United States Department of Labor), you may need to submit medical documentation to your employer regarding your medical condition or a qualifying family member’s medical condition. If you are injured at work and file a claim for workers’ compensation benefits, your employment records are likely to contain information about your injury and medical status.

As these examples illustrate, the laws passed to protect the privacy of your medical records are far from all-inclusive. There is another law, the HIPAA Omnibus Rule (78 Fed. Reg. 5566), which strengthens the privacy and security of your health information. In many cases, you unwittingly consent to allow third parties access to your medical records and those of your family members, typically out of necessity. As a result, you should be aware of these potential disclosures and take steps to minimize the exposure of any medical information that you wish to keep private.
