Patient Privacy Rights

Protecting Americans from health data harms

Know Your Rights Summit | Videos Research | Tech Policy | Advocacy About Donate

 

Get Patient Privacy Updates    |     Report an Incident     |     Contact

Your Patient Privacy Rights in Insurance

Explore Your Patient Privacy Rights in Context

 

Your health privacy protections vary widely depending on the type of insurance involved, the specific insurance product, and your state. You can learn about your rights in specific types of insurance--medical, life, disability, long-term care, workers' compensation, and auto insurance. The content below provides an overview.)

 

  1. Your Rights to Access and Correct School Health Records

    Patient privacy rights are strongest under HIPAA, which covers health insurance through health insurers and health plans—the entities directly involved in paying for and administering your health care. By contrast, life, disability, and long-term care insurance, as well as auto insurance and workers' compensation, operate under different rules and may request medical records with your authorization.

    Many insurance companies are also subject to the Gramm-Leach-Bliley Act (GLBA), which requires privacy notices and gives consumers a way to opt out of certain disclosures of nonpublic personal information to nonaffiliated third parties. GLBA also includes exceptions—situations in which a financial institution may share nonpublic personal information with certain nonaffiliated third parties without offering an opt-out. These exceptions generally fall into three main categories:

    • Service providers and joint marketing: Sharing with nonaffiliated vendors that perform services or functions for the institution (and with joint marketing partners), as long as the institution provides the required privacy notice and has a contract limiting the third party's use and disclosure of the information.
    • Processing and servicing transactions: Sharing as necessary to effect, administer, or enforce a transaction you request or authorize—such as processing or servicing a financial product, maintaining an account, or supporting securitization and other secondary-market activity tied to the transaction.
    • Other permitted disclosures (security, fraud, legal, and oversight): Sharing to protect the confidentiality or security of records; prevent fraud or unauthorized transactions; manage institutional risk; or resolve disputes and inquiries. Information may also be shared with parties who have a legal or beneficial interest, or who act in a fiduciary or representative capacity. In addition, GLBA permits sharing for oversight and professional services—such as with insurance rate advisory organizations, guaranty funds or agencies, rating agencies, compliance assessors, and the institution's attorneys, accountants, and auditors—and in certain government or legal-process contexts, subject to applicable rules.

    In addition, many states have insurance privacy laws that address how insurers may use and disclose your information and may provide rights to access and correct information used in insurance transactions. The details vary by state.

    What to do: Review the kind of insurance specific to your concern to get more details:

    If you have an incident to report, please let us know.

     

 

Understanding how privacy rules differ across insurance types—and reviewing the notices, consent forms, and state-specific protections that apply to you—can help you better control your health information and take action if your rights are misused or violated. To stay informed as rules and practices evolve and incidents occur, join our mailing list. And if you experience a concerning situation tied to your health information, please report the incident so we can track patterns and strengthen public accountability. Donate, as you are able, to support this work.

 

Select another context in which to examine your patient privacy rights:

Healthcare Employment Finances Credit Reports Housing Education Insurance eHealth Internet Marketing Purchases Reputation Mental Health Addiction Children Adolescents Law Enforcement Courts Prison Genetics HIV/AIDS Abortion Domestic Violence Harassment Data Collections Medical Insurance Life Insurance Disability Insurance Long-term Care Workers' Compensation Auto Insurance

 

Note: The content above is general information for the public and is not legal advice for any specific situation. Rights and processes relevant to a particular situation can vary based on circumstances and additional state or federal laws.

This document was created and is maintained by PPR President Dr. Latanya Sweeney. Please share your feedback and let Dr. Sweeney know about the ways you've used it, and if you have any suggestions.

Join Report DONATE

PPR logo

Independent public-interest organization advancing patient privacy through research, policy, and accountability.

People

Coalition

Summit

Brandeis Privacy Award

Know your rights

FAQs

Glossary

Our Privacy Policy

Research

Legislation

Posts

Press Releases