Quick Guide to Accessing Medical Records
In Triage Health's free Quick Guide to Accessing Medical Records, you'll find information on the Health Insurance Portability and Accountability Act of 1996 (HIPAA), when you can request records, associated costs and formats, the timeline for receiving your records, how to make corrections, what to do if you're denied access, and more!
It is important for everyone to have a complete copy of their medical records. In some cases, your health care providers will allow you to see part of your records through an online account, but those records don’t usually display your complete file.
Having a copy of your records helps you to:
- Ensure the information is correct and fix or clarify any information with your health care team
- Avoid repeating tests or other procedures
- Coordinate care more efficiently between your different health care providers, pharmacists, and treatment facilities
- Share them with new or potential health care providers (e.g., to get a second opinion)
- Share them with family or friends who are acting as caregivers
- Apply for disability benefits – see the Quick Guide to Disability Insurance
- Appeal denials of health insurance coverage – see the Quick Guide to Appeals for Employer-Sponsored and Individual Health Insurance
Federal Law: Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA gives you the right to receive, inspect, and review copies of your medical and billing records from health plans and health care providers who are covered by HIPAA. The HIPAA Privacy Rule includes rules that protect the privacy of your health care information.
Who is required to protect your medical information under HIPAA?
Health care entities that are required to protect your privacy under HIPAA include:
- Health care providers: Every health care provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions, including claims, benefit eligibility inquiries, referral authorization requests, and other transactions under the HIPAA Transactions Rule.
- Health plans: Entities that provide or pay the cost of medical care (e.g., health, dental, vision, and prescription drug insurers; Medicare; Medicaid; Medigap insurers; long-term care insurers (excluding nursing home fixed-indemnity policies); employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans.)
- Business associates: A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform functions, activities, or services including claims processing, data analysis, utilization review, and billing.
Employers are generally not covered under the HIPAA Privacy Rule, but other federal laws protect the privacy of medical information at work (e.g., ADA, FMLA, etc.). For more information, see the Quick Guide to Disclosure, Privacy, & Medical Certification Forms.
When can I request my medical records?
You can request a copy of your medical records from your health care provider and/or health plan at any time, for any reason.
Will my unpaid bills affect my ability to retrieve my medical records?
A health care provider may not withhold access to your medical records because you may have an outstanding medical bill.
How much does it cost to request a copy of my medical records?
The Privacy Rule allows providers to charge reasonable, cost-based fees for copying and mailing medical records, but they cannot charge a fee for searching or retrieving records. You may not be charged if someone else searches for your medical records. Per-page fees are not allowed if records are stored electronically. Note: some state laws also allow for fees and the amounts vary by state.
In what formats can I receive my medical records?
A patient can decide what format the medical records are provided in. Options include: email, paper, fax, mail, USB drive, digital/smartphone health apps with APIs, or an online portal.
After I request my medical records, how soon should I expect to receive them?
Under HIPAA’s Privacy Rule, providers must provide a patient with a copy of their medical records within 30 days of their request, or 60 days if records are kept off-site. If the provider cannot either respond or provide the records within this time frame, they can use one 30-day extension.
The Cures Act does not specify a time frame in which health care providers must provide patients with access to their electronic health records, but it does state that the records should be provided “without delay.”
Do I have to get the full medical record or can I receive a partial record?
You have the right to request a full or partial copy of your medical record. A full record is beneficial for your own records or if you have a new provider. A partial record is beneficial to access specific information, such as allergies, immunization history, test results, and medications. Providers must also make clinical notes available, including consultation notes, discharge summary notes, history and physicals, imaging narratives, laboratory and pathology report narratives, procedure notes, and progress notes.
What do I do if I want to correct something in my medical record?
If you think that there is information in your medical or billing record that is incorrect, you can ask your health care provider or health plan to make a change to your record. The health care provider or health plan must respond to your request and make the change or addition to your record. If they refuse, you have the right to submit a statement of disagreement that the provider or plan must add to your record.
Are there any situations in which my health records may be withheld from me?
Yes. Health records can be withheld if required by law, or if they fall within one of 8 exceptions to the Cures Act “information blocking” rule. For example, health records may be withheld if doing so would prevent harm to the patient or someone else. For details, visit healthit.gov/topic/information-blocking.
Who do I contact if I am denied access to my medical records?
- Under the 21st Century Cures Act, individual or organizational health care providers may not block or delay a patient’s access to any eligible information stored in their EHR (with a few exceptions around harm prevention, privacy and security, infeasibility, health IT performance, content and manner, fees, and licensing). If you want to report an issue of information blocking, visit: inquiry.healthit.gov.
- If a health care provider or health plan does deny you access to your medical records, contact the U.S. Department of Health & Human Services (HHS) Office for Civil Rights at 800-368-1019, or file a complaint online.
State Laws
States have passed laws that also protect your right to access your medical records. Visit Triage Health’s Charts of State Laws for details on fees and timelines.
Learn More
For more information about accessing medical records, see our Health Insurance Materials & Resources or visit CancerFinances.org.
Sharing Our Quick Guides
We're glad you found this resource helpful! Please feel free to share this resource with your communities or to post a link on your organization's website. If you are a health care professional, we provide free, bulk copies of many of our resources. To make a request, visit TriageHealth.org/MaterialRequest.
However, this content may not be reproduced, in whole or in part, without the express permission of Triage Cancer. Please email us at TriageHealth@TriageCancer.org to request permission.
Last reviewed for updates: 01/2022
Disclaimer: This handout is intended to provide general information on the topics presented. It is provided with the understanding that Triage Cancer is not engaged in rendering any legal, medical, or professional services by its publication or distribution. Although this content was reviewed by a professional, it should not be used as a substitute for professional services. © Triage Cancer 2023