Unauthorized Access of Medical Health Records

Where You Need a Lawyer:

(This may not be the same place you live)

At No Cost! 

 What Are Medical Health Records?

Medical health records are the collection of an individual’s past documents that includes their:

  • Medical treatments;
  • Diagnoses;
  • Surgeries; and
  • Other information.

These records are usually kept by the individual’s health care institution, for example, a hospital. Medical health records can be quite exhaustive.

In addition, they may contain private information about an individual. There are various laws, including the Health Insurance Portability and Accountability Act (HIPAA) and other medical record privacy laws that regulate their use and distribution.

Although it is necessary for healthcare providers to keep meticulous records, these records also contain extremely private information. Before medical health records were kept on computers and electronic devices, they were maintained as paper records.

This method was safer from a privacy standpoint because it was more difficult to steal the records and their data physically. Now, information is almost exclusively stored in electronic databases, allowing hackers to access the digital records that are not expertly protected.

Generally, medical health records cannot be accessed without an individual’s permission as well as without notifying them. These records may be consulted for various applications as well, including insurance applications or immigration requests.

An employer may request an employee’s health information from them to justify their medical leave of absence. In the context of personal injury cases, health records may be required in cases where a victim had a pre-existing medical condition related to their injuries in connection with a current claim.

How Are Health Records Protected?

As noted above, medical health records are protected by HIPAA. This a federal law that provides national standards that must be used to protect patient health information from disclosure without their knowledge and consent.

The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to satisfy these HIPAA mandates. The individuals and entities that are subject to the Privacy Rule and considered covered entities that must comply with it include every healthcare provider that transmits health records electronically in connection with the following:

  • Insurance claims;
  • Requests for Information about eligibility for benefits;
  • Requests for authorization of referrals; and
  • Other types of transactions that are subject to HHS standards under the HIPAA Transactions Rule.

Health plans are also subject to the Privacy Rule, which include:

  • Insurance companies that provide health, dental, vision, and prescription drug insurance plans;
  • Health maintenance organizations (HMOs);
  • Medicare, Medicaid, Medicare+Choice, and insurance companies that provide Medicare supplement policies;
  • Insurance companies that provide long-term care insurance;
  • Group health plans sponsored by employers;
  • Government- and church-sponsored health plans; and
  • Multi-employer health plans.

One category of entity that is exempt from compliance with the Privacy Rule is a group health plan that has fewer than 50 participants and is administered solely by an employer who sets up and maintains the plan.

A healthcare clearinghouse, or a business that processes information that is received from other entities, is also a covered entity. Typically, these clearinghouses provide processing services to health plans or healthcare providers as business associates.

An individual or entity that uses or discloses health information to perform a business function, for example, processing insurance claims, data analysis, or billing, is also a covered entity that is required to protect the privacy of patient health information.

Do I Have the Right to See My Own Medical Records?

Yes, an individual has the right to view their own medical records. Typically, a health care provider or any other holder of medical health records is required to implement certain technical and administrative safeguards to ensure that information within those medical records is not available to the public, as noted above.

An individual may, however, request a copy of their own medical records from their healthcare provider or other entity that holds the information. That holder of information is required to deliver the individual’s records to them within 30 days.

It is important to note that, although an individual does have the right to obtain their own medical records, it is not illegal for their healthcare provider to charge them a fee for providing a copy of those records.

The required fees may vary by state as well as by healthcare institution.

Can Medical Health Records Be Accessed in a Personal Injury Lawsuit?

One major concern related to medical health records is their use in a personal injury claim. In general, the communications between a doctor and a patient are confidential if they are being made in connection with the lawsuit.

Although the medical health record will be made, the information is considered privileged, or confidential. Accessing medical records for personal injury claims is subject to various legal procedural rules.

For example, suppose that an individual’s neck was injured in a vehicle accident and they consulted a doctor to determine the estimated damages costs in a lawsuit. Because the information will be used in a lawsuit, the other driver cannot have access to these consultation records.

In some situations, however, the information may be required to be released by an order of the court. In some cases, it may also be necessary to access an individual’s health insurance documents.

What if I am Involved in a Dispute Over Medical Health Records?

Laws prohibit the unauthorized release of a patient’s medical health records. This information may be sought for marketing or advertising purposes, for example, if a pharmaceutical company wishes to know which types of medicines are popular.

An insurance company may also seek to learn this type of information. These organizations can only access the information in a manner that is legal and in accordance with procedural rules.

Access to medical records is strictly controlled, especially in personal injury lawsuit cases. An exception to this an individual should be aware of is when their identifying information is not revealed, or is blacked out, so they cannot be identified.

Certain uses of information in this manner are permitted. For example, it may be used for public health or research purposes.

If an individual or entity fails to abide by the legal requirements for accessing medical health records, it may result in a health record privacy dispute. This type of dispute may result in a monetary damages award for a plaintiff for any losses or injuries that resulted from the illegal access to their medical records.

If an individual has issues related to their medical records, they should consult with a medical records lawyer who can help them resolve their dispute and obtain compensation if they are eligible.

Do I Need a Lawyer for Help with Medical Health Records?

Medical health records are valuable tools in many different situations. However, they must be accessed as well as handled with great care in order to prevent their misuse.

If you have any issues, questions, or concerns related to your medical health records or access, it may be helpful to consult with an insurance lawyer. Your lawyer can tell you about your legal rights related to your medical records and determine if any violations have occurred.

If a violation has occurred and you have to file a lawsuit, your lawyer will represent you throughout the process. Having a lawyer helping with your medical records issue will ensure that your rights are protected and you obtain the compensation you deserve.


16 people have successfully posted their cases

Find a Lawyer