Who Owns your Health Information?

Your Privacy Rights*

In the USA your physical health record (PHR) belongs to your healthcare provider, but the information in it belongs to you!  Understanding what is in your health record helps you:

•  Make sure it’s correct and complete
•  Know what is being released when you authorize disclosure of information to others
•  Provide an accurate health history to all healthcare providers who treat you 

In principle a PHRs is not considered to be legal record unless it is part of a provider’s electronic health record. In the US, Legal records are entities covered  the The Health Insurance Portability and Accountability Act (HIPAA):

• Covers medical information in any format—written, spoken, or electronic
• Allows patient to view, request changes to, and obtain copies of health information documents
• Provides protections regarding how your information can be used

Under HIPAA, you likely received a Notice of Privacy Practices when you visited a new healthcare provider or pharmacy. You would have been asked to sign a statement saying you’ve been given the notice. This Notice details your privacy rights, how your information is used and disclosed, and explains who will have access to your information.

Who else has access to your health information? 

The US law says that anyone can see your health record that needs it in order to provide your treatment, to facilitate payment for healthcare services, and to make sure quality care is being received. Most healthcare organizations have quality assurance departments. People in these departments review patient information in order to monitor and improve the quality of care you receive. Your information may also be used for research and as a legal document in cases where evidence of care is needed.
For the most part, anyone who wants to use it for any other purpose needs your permission first. Hospitals can share information with family members without your authorization if you are unable to consent and a family member (such as spouse, parent, or child) is involved in providing your care.

If you believe your privacy rights have been violated, you should contact the Privacy Officer of the provider where you believe the violation occurred to try to resolve your concern. If you are unable to resolve your concern locally, you can file a formal complaint regarding the organization’s privacy practices directly to the organization, health plan, or to the Department of Health and Human Services’ Office for Civil Rights (OCR).

* This information is taken from the web site  http://www.myphr.com run by the American Health Information Management Association (AHIMA), a national non-profit professional association. Readers should refer to the original site for any further enquiry or doubt.