10 Myths About HIPAA, Patients and Medical Records Privacy

Healthcare providers, healthcare facilities, and sometimes insurers are the only entities bound by HIPAA.

But there are many others who may have that information, and they are not obligated or regulated by HIPAA. In the past few years, dozens of web applications have become available, many for free, that invite patients to upload their own health and medical information, usually for storage purposes. They claim that these PHRs (personal health records) become convenient and available in an emergency when stored in this manner. And so it would seem they are.

But these organizations are not under any restriction from doing what they want to with those records, even if they claim the records are private and secure.

• Myth #1: HIPAA prevents sharing of information to family members.
• Myth #2: Only patients or caregivers may get copies of health records.
• Myth #3: Employers are payers, and can gain access to an employee's records.
• Myth #4: HIPAA laws prevent doctors from exchanging email with their patients.
• Myth #5: Providers are required by law to provide all medical records to you.
• Myth #6: Patients denied access to their records may sue to get copies.
• Myth #7: HIPAA laws cover privacy and security for all medical records.
• Myth #8: Providers are required to correct any errors found in patient records.
• Myth #9: Your health and medical records cannot affect your credit records.
• Myth #10: Medical information cannot be legally sold or used for marketing.