HIPAA Rights: Complete Patient Guide | WellAlly
Understanding your HIPAA rights as a patient, including access to records, privacy protections, and what to do if your rights are violated.
Your HIPAA Rights as a Patient
The Health Insurance Portability and Accountability Act (HIPAA) provides you with important rights regarding your health information. Understanding these rights helps you protect your privacy and access your medical records when needed.
Core HIPAA Rights
1. Right to Access Your Records
You have the right to see and get copies of your medical records, including:
- Medical records from doctors and hospitals
- Lab test results
- Imaging reports and images
- Billing records
- Therapy notes (with some exceptions)
How to request:
- Submit a written request to your healthcare provider
- They must respond within 30 days
- They can charge a reasonable fee for copying
Important: Psychotherapy notes are treated differently and may not be accessible.
2. Right to Correct Your Records
If you believe your medical record is incorrect or incomplete, you can:
- Request a correction in writing
- Provide a reason for your request
- The provider must respond within 60 days
If denied: You can add a written disagreement to your file.
3. Right to Confidential Communications
You can ask your healthcare provider to:
- Call you at a different phone number
- Send mail to a different address
- Email you instead of calling
- Use other confidential methods
Example: Receiving test results at work rather than at home.
4. Right to a List of Disclosures
You can ask for a list showing who has accessed your health information, including:
- When it was shared
- Why it was shared
- Who received it
Exceptions: Treatment, payment, and healthcare operations disclosures don't need to be listed.
5. Right to Choose a Representative
You can name someone else to make healthcare decisions for you, including:
- Accessing your records
- Making treatment decisions
- Handling insurance matters
This requires proper documentation (power of attorney, etc.).
What Information is Protected?
HIPAA protects PHI (Protected Health Information), which includes:
| Protected | Not Protected |
|-----------|---------------|
| Medical diagnoses | Employment records |
| Treatment records | Life insurance data |
| Payment information | Education records |
| Photos/voice recordings | Information from non-covered entities |
When Can Information Be Shared Without Permission?
Your information can be shared without your consent for:
| Purpose | Example |
|---------|---------|
| Treatment | Referring you to a specialist |
| Payment | Billing insurance |
| Operations | Quality improvement |
| Required by law | Reporting certain diseases |
| Public health | Disease tracking |
| Research (with oversight) | Clinical studies |
| Law enforcement | Court orders/subpoenas |
| Emergencies | Medical emergencies |
| Coroners/organ donation | As needed |
Your Right to File a Complaint
If you believe your privacy rights have been violated:
- File with your provider: They must have a complaint process
- File with OCR: The Office for Civil Rights enforces HIPAA
  - Online: OCR Complaint Portal
  - Mail: U.S. Department of Health and Human Services
  - Phone: 1-866-627-7748
- No retaliation: You cannot be punished for filing a complaint
What to Include in a Complaint
- Your name and contact information
- Description of what happened
- When it happened
- Who was involved
- Your contact preference
Timing for Complaints
- Must be filed within 180 days of the violation
- Extensions possible for good cause
- OCR investigates all complaints
Tips for Protecting Your Privacy
- Review your records regularly
- Read privacy notices carefully
- Ask questions before sharing information
- Report concerns promptly
- Keep your own copies of important records
Summary
HIPAA gives you significant control over your health information. Knowing your rights empowers you to:
- Access your medical information
- Correct errors in your records
- Control how your information is shared
- Take action if your privacy is violated
For healthcare providers, see HIPAA for Providers.
For more on protected information, see Understanding PHI.
Disclaimer: This information is for educational purposes and does not constitute legal advice.