Privacy & Your Health Information

You have privacy rights under a federal law that protects your health information. These rights are important for you to know. Federal law sets rules and limits on who can look at and receive your health information. 

Who must follow this law?
  • Doctors, nurses, pharmacies, hospitals, clinics, nursing homes, and many other healthcare providers and their vendors 
  • Health insurance companies, HMOs, and most employer Group Health Plans 
  • Certain government programs that pay for healthcare, such as Medicare and Medicaid 
What information is protected?
  • Information your doctors, nurses and other healthcare providers put in your medical records 
  • Conversations your doctor has with nurses and others regarding your care or treatment
  • Information about you in your health insurer’s computer system
  • Billing information about you at your clinic
  • Most other health information about you held by those who must follow this law
You have rights over your health information
  • Providers and health insurers who are required to follow this law must comply with your right to:
  • Ask to see and get a copy of your health records
  • Have Corrections added to your health information
  • Receiving notice that tells you how your health information may be used and shared
  • Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as marketing
  • Get a report on when and why your health information was shared for certain purposes
  • File a complaint

If you believe your health information was used or shared in a way that is not allowed under the privacy law, or if you weren’t able to exercise your rights, you can file a complaint with your provider or health insurer. You can also file a complaint with the U.S. government. Go online to:

To make sure that your health information is protected in a way that doesn’t interfere with your health care, your information can be used and shared:

  • For your treatment and care coordination
  • To pay doctors and hospitals for your healthcare
  • With your family, relatives, friends or others you identify who are involved with your healthcare or your healthcare bills, unless you object
  • To make sure doctors give good care and nursing homes are clean and safe
  • To protect the public’s health, such as by reporting when the flu is in your area
  • To make required reports to the police, such as reporting gunshot wounds
Without your written permission, your provider cannot:
  • Give your health information to your employer
  • Use or share your health information for marketing or advertising purposes
  • Share private notes about your mental health counseling sessions


 Adapted from the U.S. Department of Health & Human Services Office for Civil Rights.

 A separate law provides additional privacy protections to patients of alcohol and drug treatment programs. For more information go online to