Privacy and Personal Information

This guide provides books and other information resources on the topic of guarding your personal data.

Medical Records

Protected Health Information

There are state and federal laws that protect the confidentiality of your "individually identifiable health information". 

According to Section 1320d(6) of Title 42 of the U.S. Code (Health Insurance Portability and Accountability Act):

The term "individually identifiable health information" means any information, including demographic information collected from an individual, that—

(A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and—

  • (i) identifies the individual; or

  • (ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.

While HIPAA refers to "individually identifiable health information", the HIPAA Privacy Rule refers to an individual's health information as "protected health information" (PHI). You can read the definition of "protected health information" in Part 160.103, Subpart A, Code of Federal Regulations, Title 45.

The Texas Medical Records Privacy Act

The Texas Medical Records Privacy Act requires “covered entities” to comply with HIPAA and adds additional protections. You can find these laws in the Texas Health and Safety Code, Chapter 181.

A “covered entity” includes any person who assembles, collects, or uses health information. For example, a school or healthcare facility would be a “covered entity”. You can read the full definition of a “covered entity” in Section 181.001(b)(2) of the Texas Health and Safety Code.

With some exceptions, a covered entity may not:

If a covered entity violates these laws, they may be subject to civil penalty or disciplinary action.

There are some exceptions to these laws. For example, employers, insurance companies, the American Red Cross, Workers’ Comp, and other entities are partially exempt from the Texas Medical Records Privacy Act. You can find a list of exempt entities in Texas Health and Safety Code, Chapter 181, Subchapter B. Some statutes within Texas Health and Safety Code, Chapter 181 provide more exceptions. Be sure to review the text of the law before taking any legal action.

Texas Law

File a Complaint

Understanding the Law

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the creation of national standards to protect a person's individually identifiable health information from being disclosed without their consent.

Your rights under HIPAA include:

  • Your medical records must remain private.
  • You can access your medical records.
  • You can request to correct any mistakes you may find in your medical records.
  • If you disagree with something in your medical records, you can make a written statement of disagreement that will be stored with your medical records.
  • You can be made aware of how your medical records are being used or shared.
  • You can get a report of who your medical records have been shared with. This is referred to as an "Accounting of Disclosures".
  • You can establish how you prefer to be contacted by medical providers. 
  • You can request that your information not be shared with certain entities. 
  • You can file a complaint if you feel your rights have been violated. 

In addition to your right to privacy, there are national standards for electronically storing and sending health care information to protect your privacy.

Your medical provider can share your medical records for certain reasons without asking your permission. For example, your doctor can share your information with another doctor who will treat you or the hospital where you are staying. Your information may also be shared for research or public health reasons. 

Federal Law

File a Complaint

Understanding the Law

Your Health Information, Your Rights

This video from the U.S. Department of Health & Human Services summarizes privacy rights under HIPAA.

Obtaining Medical Records

These resources explain how to get your personal medical records. They also discuss situations when a person can access someone else's medical records.

Resources at the State Law Library

Below are some of the library resources that can provide further guidance on this topic. If you are not able to visit the State Law Library in Austin, these resources might be available at a law library or a public library near you.