Your Rights to Access Your Medical Records Under HIPAA

Obtaining access to your medical records is one of your rights as a patient. Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, you also have the right to decide who gets to see your medical information and when.

Under HIPAA, your medical records must be delivered within a specific timeframe. Requests can also be made to change incorrect information.

Healthcare providers, in turn, have the right to request payment for making and delivering copies, to withhold certain pieces of information, and to share your records with other providers in specific situations.

This article explains how to request and obtain your medical records. It also describes your right to privacy—and exceptions to those rights—and what you can do to resolve disputes with a healthcare provider.


May I See My Chart at My Doctor’s Office?

HIPAA provides patients with a legal, enforceable right to see and receive copies of their medical information and other health records upon request from their healthcare providers. This includes seeing the “original chart review” instead of a photocopy or a summary page.

If you are in the provider’s office and are reviewing lab test results, a pathology report, or radiology findings, you have the right to see the original chart review and request a copy of the report in its entirety.

Are My Medical Records Private?

Strictly speaking, healthcare providers must safeguard your medical records to ensure that your privacy and confidentiality are not breached. HIPAA has issued specific guidelines as to how this must be done (as well as penalties if safeguards are not in place).

In addition to this, you have the right to decide who gets to see your medical information and when.

However, there are exceptions. Under HIPAA regulations, a healthcare provider can share your medical records without your consent in specific situations, such as:

Do I Have the Right to Get All of My Records?

HIPAA requires your healthcare provider to provide you with a complete copy of your medical records when requested. In most cases, the copy must be provided within 30 days. The time frame can be extended another 30 days if there is reasonable cause.

Even so, providers are encouraged to make the transfer as quickly as possible, given the widespread use of patient portals and other electronic delivery systems.

Again, there are exceptions to the HIPAA rule. Healthcare providers can withhold or exclude certain pieces of information, such as:

New Laws and Protections

Under the 21st Century Cures Act (which went into effect on October 6, 2022), healthcare organizations must provide patients with immediate access to their health records in an electronic format. This includes all test results, medication lists, and clinical notes.

The Cures Act ensures that all reports are delivered to a patient portal and prevents “information blocking” (in which medical information may be withheld or limited). Under this new law, a patient may see their reports even before their provider.

Can My New Healthcare Provider Get My Medical Records?

If you are changing physicians, you can request that your medical records be transferred to a new physician. The request would need to be issued in writing. The process can vary but is usually straightforward.

In an ideal situation:

  1. You fill out an authorization form granting one provider permission to share your records with another provider.
  2. You mark on the form which records you want to be shared.
  3. You pay (or are billed) fees to cover the cost of the transfer.

In the best-case scenario, your records would arrive within a few days or earlier. If your records have not been digitized, it can take up to 30 days to complete the transfer under HIPAA regulations.

Can a Healthcare Provider Charge for Medical Records?

Your healthcare provider can charge you for the cost of making copies of your medical records. The cost must be reasonable and only include:

The costs need to be stated and agreed to upfront.

What Do I Do If I Find an Error in My Medical Records?

If you find an error in your medical records, you can request that it be corrected. You can also ask your healthcare provider to add information if the record is incomplete or to change something you disagree with.

Under HIPAA regulations, your healthcare provider is not required to make changes or omit information that they believe to be inaccurate, misleading, or untrue.

Even if your provider doesn’t agree with you, you still have the right to have your disagreement noted in your records. In most cases, the file should be changed within 60 days, but it can take an additional 30 days if you’re given reasonable cause.

Sample Letter to Request Medical Records

Many providers don’t have prepared authorization forms to fill out (although this is starting to change). In the absence of prepared forms, you can make a written request by including the following information in a letter:

Resolving Problems

HIPAA, the same act that regulates how your health information is handled to protect your privacy, also gives you the right to see and obtain a copy of your records and to dispute anything you feel is erroneous or has been omitted.

If you have difficulty with either of these issues, simply asking the office staff involved to review HIPAA regulations will usually be enough to resolve the situation.

This is, however, one of those areas where it’s sometimes best to “choose your battles” wisely. At times, demanding a copy of your records or insisting that you disagree with something in your records isn’t worth the time or stress involved.

If an error or omission in your records is minor, it might not be worth pursuing and risking a problem in the relationship with your healthcare provider and their staff.

Healthcare providers will usually send a copy of your records to a new practitioner at no charge, as a professional courtesy. This could be easier and far less stressful than obtaining a copy to give to your new healthcare provider.

These are considerations, but only you can make the final decision.

Summary

Requesting a copy of your medical records is one of your rights as a patient. The law guarantees you this right and protects you from unreasonably high fees when you request your medical records.

When you request your medical records, your doctor can only charge you what it costs to make and send the copies. You may have to wait for about 30 days while your request is being processed. If you find any mistakes in your medical records, you can request to have them amended.

New laws outlined in the 21st Century Cures Act require healthcare organizations to grant patients immediate access to their electronic medical records via a secure portal.


By Teri Robert
Teri Robert is a writer, patient educator, and patient advocate focused on migraine and headaches.


Verywell Health's content is for informational and educational purposes only. Our website is not intended to be a substitute for professional medical advice, diagnosis, or treatment.

Ⓒ 2024 Dotdash Media, Inc. — All rights reserved Verywell Health is part of the Dotdash Meredith publishing family.
