Many people consider their health information to be highly sensitive, deserving the strongest protection under the law. Medical records often contain not only personal health-related information – considered by most to be strictly confidential -- but also Social Security numbers and dates of birth -- the keys to identity theft.
Over the years, the Privacy Rights Clearinghouse has heard from thousands of individuals who feel their medical privacy rights have been violated. There is a great deal of misunderstanding about medical privacy laws and regulations. Most individuals think they have far more legal protection than they actually have.
What are your rights to medical privacy? As it turns out, that is not a simple question to answer. Chances are, you've heard of HIPAA, the Health Insurance Portability and Accountability Act. It is a federal law that sets a national baseline standard for the privacy of individually identifiable health information.
But HIPAA only applies to health care providers that conduct certain transactions electronically, health plans, and health care clearinghouses. A great deal of personal medical information exists that is not maintained by HIPAA “covered entities.” An example would be personal medical information provided voluntarily when one participates in an online chat forum for individuals with a specific ailment.
Fortunately for individuals who live in California, state law provides additional medical privacy protections. The PRC has launched a microsite dedicated solely to medical privacy in California. It is available at https://www.privacyrights.org/california-medical-privacy.
The Fact Sheets posted on the microsite are:
- C1: Medical Privacy Basics for
Topics: medical privacy terms and definitions, how HIPAA and California laws work together, California laws that protect medical privacy, and what information your medical records contain.
- C2: How is Your Medical Information Used
and Disclosed – With and Without Consent?
Topics: authorization requirements when using or disclosing your medical information, when medical information can be used or disclosed without your authorization or consent.
- C3: Your Medical Information and Your
Topics: your rights if your medical information is breached, your rights regarding the sale of your medical information, and your rights to prevent marketers from using your medical information.
- C4: Your Prescriptions and Your Privacy
Topics: pharmacy benefit managers, prescription drug reports, prescription data mining, prescription drug monitoring programs, and tips for safeguarding your prescription information.
- C5: Employment and Your Medical Privacy
Topics: drug tests, access to workers compensation records, protections for disabled job applicants and employees, employer-sponsored health plans, employer access to your medical information, and employee wellness and harm risk reduction programs.
- C6: Health Information Exchange: Is Your
Topics: description of Health Information Exchange, benefits and risks, access guidelines, and consent for the electronic exchange of your medical information.
Over time, we will expand the site to include additional Fact Sheets.
For information about health privacy issues not specifically related to California, read these guides on our website:
- Fact Sheet 8: Medical
- Fact Sheet 8a: HIPAA
Basics: Medical Privacy in the Electronic Age
- Fact Sheet 8b: Medical Privacy FAQ
Do you have a medical privacy question that our Fact Sheets don't address? Use our Online Complaint Center to get a personalized response from our staff.