Your Health Privacy Rights

Your Rights Based On the U.S. Constitution and State Laws:

  • Right to control who can see, use, share and sell our health information.
  • Right to feel safe talking truthfully to your doctors.
  • Right to privacy and control of health information unless otherwise stated or required by law.
  • Right to be notified of any breach or possible breach of information.
  • Right to audit trails of every disclosure of health information.  Health IT makes it easier than ever to know exactly who has your information.
  • Right to EHR and PHR systems that have the highest standards for security (keep hackers out).
  • Right to participate in research and have researchers access your records ONLY if you give informed consent.
  • Right to segment sensitive information such as mental health, addiction or STDs, in your health record.
  • Right to obtain prescriptions with privacy; no one should be able to use or sell your prescriptions without your consent.
  • Right to obtain employment, insurance, credit, admission to schools, etc. without being compelled to share health information unless required by statute.

Patient Privacy Rights is working to ensure these rights are guaranteed by Congress.


HIPAA Health Privacy “Rights”:

  • Receive notice of how providers use and share your information with over 4 million “covered entities”, without asking you (“Privacy Notice” or “Notice of Privacy Policies”).
  • The right to a copy of your health records. The provider may charge a “reasonable fee” for such copies.
  • You can request changes to your health records. The provider does NOT have to make the changes requested. Your changes must be added to your records and the provider has to state reasons s/he disagrees with changes.
  • You can request an accounting of disclosures of your health information.  Most disclosures do not require consent and have no audit trails.  Audit trails are required only for disclosures for “non-routine” uses.
  • Health establishments and “covered entities” are required to secure information to the best of their ability, and a privacy official must be designated by each “covered entity.”
  • The ADA prohibits an employer from asking about health information or requiring a physical prior to an offer if they have more than 15 employees.  After the offer is made, the employer may require a medical exam if it is required by all employees with similar positions.  Employers may also ask employees to authorize disclosure of their medical records.  But, if the employer is self-insured they can access their employees’ medical information without consent.

Job discrimination is the most common complaint sent in to Patient Privacy Rights.