Who has Access to your Medical Records?
Updated: Nov 15, 2019
Medical care advancements and new insurance options continue to make the news. With new technological improvements such as electronic medical records that can be accessed from most medical sites, and the use of telemedicine, you may be concerned about the confidentiality of your medical record. There are federal and New York State laws that continue to protect the confidentiality of your medical information, even in these times of electronic records.
So, who has access to your medical records? As a patient, you may see your own medical records in most cases. New York State law gives patients access to their records with some restrictions on what may be obtained. There are also rules for what fees may be charged for copies of your records. For more details see “Do I have the Right to see my Medical Records” at the New York State Health Department’s website - www.health.ny.gov.
Others with access to your records include your medical providers, your health care agent appointed through a health care proxy, if you do not have capacity to make medical decisions as determined by your physician, and anyone else you authorize to see the records. The New York State Health Department may have access in the ordinary course of ensuring that your health care providers are in compliance with applicable quality of care standards or for auditing purposes. Your medical insurance company may have access when it requires information necessary for payments to be made for services rendered to you. If you would like more information regarding who has access to your medical records see “Access to patient information” at www.health.ny.gov.
Both New York State and federal laws require health care providers to take precautions to protect the confidentiality of their patients’ medical records. Under federal laws, health care providers must obtain your written authorization to use or disclose your medical information unless it is for treatment, payment, health care operations or otherwise permitted by law. Health care providers must limit the use and disclosure of their patients’ health information to the “minimum necessary”. This means that providers must ensure that reasonable efforts are made to request, use and disclose only the minimum amount of health information necessary. This does not apply to disclosures to: you, other treating health care providers, disclosures made according to your authorizations, or other disclosures required by law.
Federal health care security rules also require health providers to protect the confidentiality of your paper charts and electronic records. Providers must take precautions to protect the security of the information, such as having policies and procedures that allow only authorized persons to access your electronic record.
The Federal security rules that establish standards for confidentiality and availability of your health information are enforced through the Department of Health and Human Services and the Office of Civil Rights. For more information about the federal privacy and security rules visit www.hhs.gov.
In this ever-changing world of technology, continuous and reasonable security measures must be taken by your health care provider to safeguard all of your health information.
As always, if you have any questions, please feel free to contact us here or call us at 585.258.2800.