Families can be complicated, and sometimes, medical treatment exacerbates things. That’s why some patients prefer not to discuss their medical information with relatives, and their right to do so is enshrined in law.

Under the standards set out in the Health Insurance Portability and Accountability Act (HIPAA), patients are always in charge of their medical records, and practitioners can’t share that information with relatives under most circumstances. However, it’s important to note there are a few exceptions to the rule.

Read on to find out how HIPAA protects medical information, what rights your family has to access your medical information, and in what situations someone could legally access your information against your will.

Key Takeaways

• Under the HIPAA Privacy Rule, patients have full control over their medical information in most situations.

• Medical practitioners are legally permitted to share your medical information with your relatives at their discretion if you cannot provide consent.

• Patients are within their rights to expressly tell medical staff not to disclose information to family members.

  
  

Are Medical Records Confidential in the USA?

Strictly speaking: yes. Medical records are confidential in the United States, and that confidentiality even applies to your relatives in certain situations.

Protecting your medical data is enshrined in the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA was enacted in 1996, establishing a set of national standards designed to safeguard sensitive health information, which practitioners often refer to as “protected health information” (PHI). 

Dr. Thomas Pontinen, MD, LCP-C Physician, and Co-Founder of MAPS Centers For Pain Control, explains: 

“HIPAA ensures all healthcare entities in the country establish and maintain safeguards to protect the confidentiality of medical information, giving patients control over access to their medical records by needing to provide explicit authorization for their release except when it’s for treatment, payment, and healthcare operations.”

Under HIPAA, covered entities like doctors, hospitals, and insurers must follow certain confidentiality rules including:

• Sharing only the minimum information necessary for a specific purpose.

• Requiring written authorization from the patient for most disclosures beyond treatment, payment or healthcare operations.

• Implementing appropriate physical, technical, and administrative safeguards to protect PHI from unauthorized access, disclosure or misuse.

Dr. Pontinen adds:

“There are also varying state laws that reinforce HIPAA by imposing extra layers of protection, on top of the ethical codes that healthcare professionals follow to ensure patient privacy, especially regarding their medical info.”

What Rights Does the Family of a Patient Have to Access Their Medical Information?

Under the HIPAA Privacy Rule, patients have full control over their medical records unless they’re incapacitated. That means your relatives have no right to your medical records unless you choose to share them.

Ashley Murry, Chief Clinical Officer at Sana Lake Recovery Centers explains:

“Even family members can only access a patient’s medical information when the patient is incapacitated or when the patient is in a state unable to provide informed consent for the disclosure.”

Suppose you’re unable to consent to a medical provider sharing your details with relatives. In that case, a doctor might need to use their own professional discretion to decide whether the family has a right to know what’s going on.

Murry adds, 

“For instance, a physician might discuss treatment intervention with the patient in the company of a family member or friend.

In our recovery facility, most of our patients might be in a position to provide consent due to their mental health condition, allowing us to always update their family members on their health progress.”

Is It Illegal to Share Someone's Medical Information With Relatives?

Generally speaking, no. Under the HIPAA Privacy Rule, it’s illegal for someone to share your medical information with relatives unless you provide written consent.

However, there are a couple of exceptions. 

Dr. Pontinen explains:

“It’s important to keep in mind that HIPAA’s Privacy Rule balances the protection of an individual's privacy with the need to involve family members in the healthcare process, which is why healthcare providers can generally use their professional judgment to determine whether disclosing information to a family member is in your best interest as a patient.

In such cases, sharing your medical information with family members is legal, especially with your consent, but it might be considered illegal if done in situations not covered by HIPAA’s exception clauses like treatment, payment, or healthcare operations.”

There are also a couple of clauses within the HIPAA standards that permit healthcare providers to share your information with relatives in certain situations.

For example, the Treatment, Payment, and Health Care Operations clause allows healthcare providers to share relevant medical information with family members involved in the patient's care if the disclosure is necessary for treatment, payment or healthcare operations — even without the patient’s explicit authorization.

As mentioned, HIPAA’s incapacity and emergency situations clauses permit healthcare providers to disclose patients’ medical information to family members in cases where the patient cannot provide authorization due to incapacity or emergency.

What Can a Patient Do If They Don’t Want Their Medical Information Shared With Family Members?

“Patients can expressly dictate to the doctors that they do not want their medical information to be shared with family members,” explains Murry.

She continues:

“I believe patients should understand that doctors and all healthcare professionals have the legal responsibility to uphold their wishes and protect their medical records at all costs. However, when it’s in the public interest, doctors are obligated to share their medical information with government and family members.”

In most situations, disclosing your medical information to a relative won’t be in the public interest. So the best way to protect your sensitive health data is to understand your rights and make your wishes known to both your doctors and relatives.

Dr. Pontinen advises:

“To ease your concerns about family members having access to your medical information when you don’t want to, practice communicating with your healthcare providers openly about your right to privacy.

I recommend expressing your preferences and restrictions on information sharing in writing to assert your rights regarding the confidentiality of your medical records.”

You also must protect data on your end to ensure that nobody accesses it without your express consent. That’s where a platform like Trustworthy can offer much-needed peace of mind.

Trustworthy is a Family Operating System® protected by AES 256-bit encryption. It enables you to seamlessly upload and create digital copies of all your important family information — including medical records, documents like your medical power of attorney, will, insurance information, and everything in between.

Trustworthy also allows you to collaborate with your family members, medical practitioners, attorney, or financial planner to grant access to certain documents. This ensures you keep everyone in the loop when it comes to your privacy wishes. You can share your medical information with the people you trust most.

Want to learn more about how Trustworthy works? Discover our range of features now.

Frequently Asked Questions

Is Sharing Someone's Medical Information Illegal?

Yes. Under the HIPAA Privacy Rule, you’re only allowed to share someone’s medical information with their express consent unless they can’t give their consent or the disclosure is in the public interest.

Does the US Government Have Access To Medical Records?

In certain cases, yes. Some government agencies like the FBI can use a national security exemption within HIPAA to ask medical providers for patient information without their authorization.

When Can Patient Information Be Shared Without Consent?

Doctors can share medical information without your consent if you’re incapacitated, unable to give consent, or the disclosure is in the public interest.