There are state and federal laws that protect the confidentiality of your "individually identifiable health information".
According to Section 1320d(6) of Title 42 of the U.S. Code (Health Insurance Portability and Accountability Act):
The term "individually identifiable health information" means any information, including demographic information collected from an individual, that—
(A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and—
(i) identifies the individual; or
(ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.
While HIPAA refers to "individually identifiable health information", the HIPAA Privacy Rule refers to an individual's health information as "protected health information" (PHI). You can read the definition of "protected health information" in Part 160.103, Subpart A, Code of Federal Regulations, Title 45.
The Texas Medical Records Privacy Act requires “covered entities” to comply with HIPAA and adds additional protections. You can find these laws in the Texas Health and Safety Code, Chapter 181.
A “covered entity” includes any person who assembles, collects, or uses health information. For example, a school or healthcare facility would be a “covered entity”. You can read the full definition of a “covered entity” in Section 181.001(b)(2) of the Texas Health and Safety Code.
With some exceptions, a covered entity may not:
If a covered entity violates these laws, they may be subject to civil penalty or disciplinary action.
There are some exceptions to these laws. For example, employers, insurance companies, the American Red Cross, Workers’ Comp, and other entities are partially exempt from the Texas Medical Records Privacy Act. You can find a list of exempt entities in Texas Health and Safety Code, Chapter 181, Subchapter B. Some statutes within Texas Health and Safety Code, Chapter 181 provide more exceptions. Be sure to review the text of the law before taking any legal action.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the creation of national standards to protect a person's individually identifiable health information from being disclosed without their consent.
Your rights under HIPAA include:
In addition to your right to privacy, there are national standards for electronically storing and sending health care information to protect your privacy.
Your medical provider can share your medical records for certain reasons without asking your permission. For example, your doctor can share your information with another doctor who will treat you or the hospital where you are staying. Your information may also be shared for research or public health reasons.
This video from the U.S. Department of Health & Human Services summarizes privacy rights under HIPAA.
These resources explain how to get your personal medical records. They also discuss situations when a person can access someone else's medical records.
Below are some of the library resources that can provide further guidance on this topic. If you are not able to visit the State Law Library in Austin, this book might be available at a law library near you or a public library near you.