Obtaining access to your medical records is one of your rights as a patient. Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, you also have the right to decide who gets to see your medical information and when.
Under HIPAA, your medical records must be delivered within a specific timeframe. Requests can also be made to change incorrect information.
Healthcare providers, in turn, have the right to request payment for making and delivering copies, to withhold certain pieces of information, and to share your records with other providers in specific situations.
This article explains how to request and obtain your medical records. It also describes your right to privacy—and exceptions to those rights—and what you can do to resolve disputes with a healthcare provider.
HIPAA provides patients with a legal, enforceable right to see and receive copies of their medical information and other health records upon request from their healthcare providers. This includes seeing the “original chart review” instead of a photocopy or a summary page.
If you are in the provider’s office and are reviewing lab test results, a pathology report, or radiology findings, you have the right to see the original chart review and request a copy of the report in its entirety.
Strictly speaking, healthcare providers must safeguard your medical records to ensure that your privacy and confidentiality are not breached. HIPPA has issued specific guidelines as to how this must be done (as well as penalties if safeguards are not in place).
In addition to this, you have the right to decide who gets to see your medical information and when.
However, there are exceptions. Under HIPAA regulations, a healthcare provider can share your medical records without your consent in specific situations, such as:
HIPAA requires your healthcare provider to provide you with a complete copy of your medical records when requested. In most cases, the copy must be provided within 30 days. The time frame can be extended another 30 days if there is reasonable cause.
Even so, providers are encouraged to make the transfer as quickly as possible, given the widespread use of patient portals and other electronic delivery systems.
Again, there are exceptions to the HIPAA rule. Healthcare providers can withhold or exclude certain pieces of information, such as:
Under the 21st Century Cures Act (which went into effect on October 6, 2022), healthcare organizations must provide patients with immediate access to their health records in an electronic format. This includes all test results, medication lists, and clinical notes.
The Cures Act ensures that all reports are delivered to a patient portal and prevents “information blocking” (in which medical information may be withheld or limited). Under this new law, a patient may see their reports even before their provider.
If you are changing physicians, you can request that your medical records be transferred to a new physician. The request would need to be issued in writing. The process can vary but is usually straightforward.
In an ideal situation:
In the best-case scenario, your records would arrive within a few days or earlier. If your records have not been digitized, it can take up to 30 days to complete the transfer under HIPAA regulations.
Your healthcare provider can charge you for the cost of making copies of your medical records. The cost must be reasonable and only include:
The costs need to be stated and agreed to upfront.
If you find an error in your medical records, you can request that it be corrected. You can also ask your healthcare provider to add information if the record is incomplete or to change something you disagree with.
Under HIPAA regulations, your healthcare provider is not required to make changes or omit information that they believe to be inaccurate, misleading, or untrue.
Even if your provider doesn’t agree with you, you still have the right to have your disagreement noted in your records. In most cases, the file should be changed within 60 days, but it can take an additional 30 days if you’re given reasonable cause.
Many providers don’t have prepared authorization forms to fill out (although this is starting to change). In the absence of prepared forms, you can make a written request by including the following information in a letter:
HIPAA, the same act that regulates how your health information is handled to protect your privacy, also gives you the right to see and obtain a copy of your records and to dispute anything you feel is erroneous or has been omitted.
If you have difficulty with either of these issues, simply asking the office staff personnel involved to review HIPAA regulations will usually be enough to resolve the situation.
This is, however, one of those areas where it’s sometimes best to “choose your battles” wisely. At times, demanding a copy of your records or insisting that you disagree with something in your records isn’t worth the time or stress involved.
If an error or omission in your records is minor, it might not be worth pursuing and risking a problem in the relationship with your healthcare provider and their staff.
Healthcare providers will usually send a copy of your records to a new practitioner at no charge, as a professional courtesy. This could be easier and far less stressful than obtaining a copy to give to your new healthcare provider.
These are considerations, but only you can make the final decision.
Requesting a copy of your medical records is one of your rights as a patient. The law guarantees you this right and protects you from unreasonably high fees when you request your medical records.
When you request your medical records, your doctor can only charge you what it costs to make and send the copies. You may have to wait for about 30 days while your request is being processed. If you find any mistakes in your medical records, you can request to have them amended.
New laws outlined in the 21st Century Cures Act require healthcare organizations to grant patients immediate access to their electronic medical records via a secure portal.
Verywell Health uses only high-quality sources, including peer-reviewed studies, to support the facts within our articles. Read our editorial process to learn more about how we fact-check and keep our content accurate, reliable, and trustworthy.
By Teri Robert
Teri Robert is a writer, patient educator, and patient advocate focused on migraine and headaches.
in open pill box." width="400" height="250" />
How to Identify a Pill: Checking Imprint Code, Color, or Shape What Is HIPAA? What Is the Health Insurance Birthday Rule? 10 Patient Rights in America’s Healthcare SystemVerywell Health's content is for informational and educational purposes only. Our website is not intended to be a substitute for professional medical advice, diagnosis, or treatment.
Ⓒ 2024 Dotdash Media, Inc. — All rights reserved Verywell Health is part of the Dotdash Meredith publishing family.We and our 100 partners store and/or access information on a device, such as unique IDs in cookies to process personal data. You may accept or manage your choices by clicking below, including your right to object where legitimate interest is used, or at any time in the privacy policy page. These choices will be signaled to our partners and will not affect browsing data.
Store and/or access information on a device. Use limited data to select advertising. Create profiles for personalised advertising. Use profiles to select personalised advertising. Create profiles to personalise content. Use profiles to select personalised content. Measure advertising performance. Measure content performance. Understand audiences through statistics or combinations of data from different sources. Develop and improve services. Use limited data to select content. List of Partners (vendors)