The Privacy Of Your Medical Records
What Do Medical Records Consist Of?
Both state and federal laws require that hospitals and other health care institutions maintain medical records of all patients they treat. Medical records consist of all information written down by a physician or other provider during office visits, including information the patient tells the physician regarding lifestyle habits, family history, and past medical problems. Medical records also consist of hospital records, laboratory test results, and x-rays. Basically any communication committed to writing regarding a patient’s care is part of the medical record. Medical facilities and physicians are required by law to provide patients access to and/or a copy of their medical records upon request.
To What Extent Are Medical Records Private?
Federal law requires that physicians obtain a patient’s consent before sharing information contained in a patient’s medical records to anyone, including another physician (unless the other physicians are in the patient’s presence). Most states also have similar laws. The United States Department of Health and Human Services has developed standards for maintaining privacy of individuals’ medical records. These standards provide greater protections for health care data, requiring health care providers or plans to:
- notify patients of their privacy rights and how their information can be used;
- adopt and implement privacy procedures;
- train employees so they know and understand the privacy procedures;
- designate an individual to be responsible for implementing the privacy policies and procedures; and
- secure patient records so that they are not readily available to those who do not have access to them.
If a healthcare provider violates any of the above standards, a patient is not entitled to file a lawsuit on that basis. However, monetary penalties can be assessed against violators.
In addition to the federal safeguards described above, healthcare providers owe patients a common law duty to act reasonably to protect their medical information from unauthorized disclosure. A healthcare provider’s failure to maintain the confidentiality of a patient’s medical records can lead to liability. Unauthorized disclosure of medical records has been the basis for successful suits claiming medical malpractice, invasion of privacy, and violation of medical record privacy statutes.