National Breast Cancer Coalition

Keeping Your Records Private

You have a right to keep your records private between you and your doctors. This is called "medical privacy." There are systems to protect your rights, but there are also gaps. At the same time, your doctors and nurses need to share information with each other. And records can be used for important research. The challenge is to protect your privacy and still make sure your caregivers have the information they need.

What You Can Do:

Ask about confidentiality.

Ask how your records will be kept private before you sign informed consent forms. At some point, a medical researcher may ask to use your health care records. Sharing your health care information with researchers can be a great help to others. It helps answer important questions about breast cancer. But before agreeing to do this, ask:

  • How will you protect my privacy?
  • How will you share my information with other doctors or researchers?
  • What research are you doing?
  • How will you use that information?
  • Who will get this information?
  • When and how will I learn the results of the research?

The answers to these questions can help you make sure your information is used properly.

Know your rights.

There are state and federal laws to protect your medical privacy.

Federal privacy regulations to protect patients' medical records and other health information provided to health plans, doctors, hospitals, and other health care providers took effect in 2003 as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Patient privacy protections provided by the HIPAA regulations include:

  • Patients' right to see and obtain copies of personal medical records within 30 days of a request
  • Patients must be notified by their health care providers of their privacy rights under the HIPAA regulations
  • Limits on the use of personal medical information by health plans and health care providers
  • Restrictions on the use of patient information for marketing purposes
  • Federal privacy regulations do not preempt stronger state protections
  • Under the privacy rule, patients can request that communications with their health care providers remain confidential
  • Consumers may file a formal complaint regarding the privacy practices of a health plan or health care provider, which will be investigated by the U.S. Department of Health and Human Services Office for Civil Rights charged with enforcing the privacy regulations.

For more information on HIPAA regulations, contact the U.S. Department of Health and Human Services Office for Civil Rights.

In addition, the Health Privacy Project provides a good summary of privacy laws around the country. The Health Privacy Project was founded at Georgetown University, but has since become an independent, non-profit organization. Contact the Health Privacy Project to learn about privacy protections in your state.