For example, you may give permission for your family members to have access to your medical records.

However, there can be some exceptions to HIPAA rights.

You might be surprised to learn that other people and organizations can see your medical records without your permission.

Image: Nurse in a medical file storage room (Ian Hooten / Science Photo Library / Getty Images)

This article will go over how medical record privacy works.

Although the list is not complete, it covers some common examples of who can access your records.

You will also find out why they want your information and what they can use it for.

Who Can Access Patient Medical Records?

Dozens of people and organizations are legally allowed to see your medical records.

They can make a request or purchase access to them.

In some cases, you must give them permission to access your records.

However, your permission is not always required.

Most data breaches in 2023 were due to a considerable increase in hacking and ransomware attacks.

The aggregated record could have hundreds of patients in it.

This means that they have the right to access your records under specific regulatory guidelines.

Covered entities include:

As covered entities, they have very strict rules they must follow.

One of the most important rules states when they must have written permission from you to share your records.

Under HIPAA, you have a legal right to get copies of your medical records.

HIPAA also lets payers see your medical records.

Life insurance and prescription databases can also access your records.

Even the government can view your medical records in some circumstances.

Who Is Not Covered Under HIPAA?

Employers are not covered by HIPAA.

In other cases, the disclosure is the result of someone's carelessness, even yours.

Under HIPAA, it is illegal to share protected health information without proper authorization.

However, this law does not let people sue for monetary compensation after a data breach.

Medical information is a prime target for hackers because thieves make a lot of money from medical identity theft.

However, hackers are not looking for a specific individual’s records.

Instead, they simply want to obtain as many individual, non-aggregated records as possible.

Targeted Illegal Access

Another illegal form of access involves an individual patient’s records.

For example, a business might pay someone to get a potential employee’s medical record.

In another situation, a spouse might look for the records of a person they’re divorcing.

Sometimes, celebrities' medical records are stolen.

Accidental Leaks

There are other ways that your private medical information might unintentionally become public.

When the machine goes back to the company, the records might go with it.

The same thing can happen when computer hard drives fail.

You might assume that if the computer isn’t working, the records couldn’t be accessed.

When You Sign Away Your Privacy

You often give entities permission to access your records without even knowing it.

Research

Aggregated data is often used in research.

The studies using the data may help patients in the future.

Selling Data

Sometimes, hospitals and other covered entities will sell aggregated data.

Aggregated data can also be used for marketing purposes.

It is a large source of revenue for many organizations that work with patients.

Local organizations can team with hospitals or other facilities that aggregate patient data.

State, national, or international organizations find other ways to reach the data.

If you take an interest in an organization’s cause, you might be on their fundraising lists.

Summary

In the U.S., there are laws that control who can see your health information.

There are also rules about how that information can be used.

One of your rights as a patient is the ability to access your medical record.

For example, law enforcement or agencies that handle workplace injuries can ask to see your records.

Sometimes your permission is needed, but not always.

In some cases, data from thousands of patients are put together.

When this is done, no one patient is easy to identify.

This aggregated data is “de-identified.”

This pool of data can be used for many things, like marketing and research.
