Teal & Montgomery

How Are My Medical Records Protected

Medical records can contain very sensitive personal information that you wouldn’t want to be broadcast to everyone. If you’ve ever been concerned that an employer or family member could easily find out medical information you want to keep quiet, you can rest assured that it’s not that simple.

The History of Medical Privacy

In 1996, the United States Congress enacted the Health Insurance Portability and Accountability Act, or HIPAA for short. This act covered a lot of different issues related to healthcare, but one of the most notable was its rules on privacy. It has a strict set of rules on who can and cannot view medical records or other personal information provided to healthcare providers.

When you visit a new doctor and first fill out all that paperwork, one of the things they ask you is if you would like to allow your medical records to be viewed by anyone else. This allows spouses, parents, or children to be given information about your medical records if they ask. If someone is not on that list, they cannot view the records unless they have a court order or some other legal authority to access the information.

How Long Are Health Records Stored?

While the laws on how long health records must be stored vary a little from state to state, the general rule is that records are stored for at least five years past when the patient was last seen. Most medical records are now stored digitally, which means that a lot of records can be stored in very little space, so some hospitals are choosing to hold onto them nearly indefinitely, in case they are ever needed again.

If medical records are destroyed, it must be done thoroughly, in a way that makes them impossible to reconstruct. This is to protect the patient’s confidential information. Paper documents are shredded, microfilm is pulverized, and DVDs are cut.

Data Security and Medical Records

One question that comes up a lot with digitized records is whether they are stored securely. If a local clinic sends medical records to a network hospital, is there a chance someone could hack into the system and retrieve those files?

HIPAA requires healthcare providers to follow procedures that will adequately protect patient data, such as encryption or password protection. Technology is changing all the time, so there is no way to guarantee 100 percent that there will never be an issue, but there are many safeguards in place. Healthcare providers are also required to notify patients if there has been a security breach, so anyone whose data might have been affected can take steps to protect themselves.

If you have questions about how your personal clinic handles your records, ask them about their policies. You can also request a printed copy of your medical records to keep safe with you at home.
