There are federal laws that protect the confidentiality of your identifiable health information.

The Health Insurance Portability and Accountability Act (HIPAA) defines "individually identifiable health information."

According to HIPAA, "individually identifiable health information" includes any information collected from an individual that:

• is created or received by a healthcare provider, health plan, or employer 
• relates to their health
• relates to their payment for health care
• can identify the individual

You can read the full definition of "individually identifiable health information" in 1320d(6) in Title 42 of the U.S. Code.

While HIPAA refers to "individually identifiable health information," the HIPAA Privacy Rule refers to an individual's health information as "protected health information" (PHI). You can read the definition of "protected health information" in Part 160.103, Subpart A, Code of Federal Regulations, Title 45.

Federal Laws

The Texas Medical Records Privacy Act requires "covered entities" to comply with HIPAA and adds additional protections. You can find these laws in the Chapter 181 of the Texas Health and Safety Code.

A "covered entity" includes any person who assembles, collects, or uses health information. For example, a school or healthcare facility would be a "covered entity". You can read the full definition of a "covered entity" in Section 181.001(b)(2) of the Texas Health and Safety Code.

With some exceptions, a covered entity may not:

• reidentify information (Section 181.151);
• use personal health information for marketing purposes without permission (Section 181.152);
• sell personal health information (Section 181.153); and
• fail to notify an individual when their information might be disclosed electronically (Section 181.154).

If a covered entity violates these laws, they may be subject to civil penalty or disciplinary action.

There are some exceptions to these laws. For example, employers, insurance companies, the American Red Cross, Workers’ Comp, and other entities are partially exempt from the Texas Medical Records Privacy Act.

You can find a list of exempt entities in Chapter 181, Subchapter B of the Texas Health and Safety Code. Some statutes within Chapter 181 provide more exceptions. Be sure to review the text of the law before taking any legal action.

Texas Laws

File a Complaint

Understanding the Law

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the creation of national standards to protect a person's individually identifiable health information from being disclosed without their consent.

Your rights under HIPAA include:

• your medical records must remain private.
• you can access your medical records.
• you can request to correct any mistakes you may find in your medical records.
• if you disagree with something in your medical records, you can make a written statement of disagreement that will be stored with your medical records.
• you can be made aware of how your medical records are being used or shared.
• you can get a report of who your medical records have been shared with. This is referred to as an "Accounting of Disclosures".
• you can establish how you prefer to be contacted by medical providers. 
• you can request that your information not be shared with certain entities. 
• you can file a complaint if you feel your rights have been violated. 

In addition to your right to privacy, there are national standards for electronically storing and sending health care information to protect your privacy.

Your medical provider can share your medical records for certain reasons without asking your permission. For example, your doctor can share your information with another doctor who will treat you or the hospital where you are staying. Your information may also be shared for research or public health reasons. 

Federal Laws

File a Complaint

Understanding the Law

These resources explain how to get your personal medical records. It also discusses situations when a person can access someone else's medical records.

Understanding the Law

Medical Debt Under $500

In 2023, the 3 major credit reporting agencies announced that they will no longer report medical debt under $500.

Federal Regulations

In 2025 the Consumer Financial Protection Bureau (CFPB) finalized a federal rule to prohibit the use of medical debt in credit reports.

Below are some of the library resources that can provide further guidance on this topic. If you are not able to visit the State Law Library in Austin, this book might be available at a law library near you or a public library near you.