Health NW: How confidential are your medical records?

<center>Kathryn B. Brown, FNP</center>

If you worry that your medical information could be given to others without your consent, you have a legitimate concern. In this "Information Age" we have electronic medical records, faxes, answering machines, cell phones, e-mail and the Internet. All these types of technology can help health care providers care for and communicate with patients more efficiently, but can also make it easier for your confidential information to be accessed without your permission.

All health care offices and organizations will be working to increase the privacy and security of patient records in the next year. The Health Insurance Portability and Accountability Act (HIPAA) sets nationwide standards for the security of medical records, which all medical practices must meet.

Traditionally, doctors' offices and health care clinics keep their patients' information in paper charts that are filed alphabetically. The charts are stored in filing cabinets, which should be locked up after business hours.

Now, more and more health care providers are using electronic medical records (EMRs) rather than paper charts. Patients' records are stored, accessed and updated on computers in the office. These records can be viewed only by the health care providers and staff who have a password.

Your medical record, whether on paper or in electronic form, contains all the information you have ever given to your health care provider, such as name, address, phone numbers, Social Security number and birth date. It contains information about your current and past medical problems, medications, hospitalizations, surgeries and other treatments. There is a section with the results of the blood work, X-rays and other tests you've had done. Your health care provider writes a "progress note" after each appointment. This note contains the reason for the visit, your symptoms, the results of the physical exam, a diagnosis and the plan for treatment.

By law, health care providers must keep patients' medical records for at least 10 years after the patient's last appointment. After this, the records may be destroyed. Some offices and clinics may keep records longer than 10 years, but storage space is often a problem.

Your medical record actually belongs to the health care provider, clinic or institution, so you will not be able to obtain the original record. However, you are entitled to request a copy of any or all of the information in your records.

It is illegal for information in your medical record to be released without your written consent, with a few exceptions. In order to be reimbursed by your insurance company, Medicare or Medicaid, your provider must release some medical information about your diagnosis and treatment plan. If you are referred to another health care provider, your medical information may be shared with that provider. If you have a communicable disease (such as tuberculosis, measles, hepatitis and some sexually transmitted infections) the public health department must be notified so that they can prevent the spread of disease. If you are in legal trouble, your health care provider could be subpoenaed to provide your medical records to the court.

When you first visit a new health care provider, you may be asked to sign a waiver allowing the provider to release your medical information to others. Usually this is to help your provider get paid by your insurance company. Be cautious about signing "blanket waivers" which authorize the release of all of your medical information to anyone who requests it.

If you are concerned about the confidentiality of your medical records, ask your health care provider or the clinic manager about how your medical records are stored and protected. You should feel confident that your personal information won't be visible to other patients, whether it is in a paper chart, on a computer screen or on a fax machine in the office, that office staff won't allow other patients to overhear conversations about you and that your information won't be given out to anyone without your permission.

Kathryn B. Brown is a family nurse practitioner with a master's degree in nursing from OHSU. Is there a health topic you would like to read about? Send your idea to

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.