Patient Privacy Rights

Protecting Americans from health data harms


Your Patient Privacy Rights in Workers' Compensation

Explore Your Patient Privacy Rights in Context

 

Your patient privacy protections in workers' compensation come from a mix of (1) rules on your doctors, labs, and hospitals, as the source of the records, (2) state workers' compensation laws and procedures, and (3) workplace confidentiality rules.

 

  1. Your HIPAA Privacy Rights When Medical Information Is Shared for Workers' Compensation

    HIPAA (the Health Insurance Portability and Accountability Act) is a U.S. federal law that sets national standards for protecting the privacy and security of health information held by health care providers, health plans, labs, and their contractors. It includes the parties involved in the delivery of your healthcare and its billing.

    HIPAA doesn't regulate your workers' compensation insurer like it regulates your health plan. But HIPAA does regulate your health care providers when they disclose your medical information for workers' compensation purposes. Under HIPAA, your healthcare provider and health plan may disclose your personal health information as authorized by you, or to the extent necessary to comply with workers' compensation laws (and similar programs) in your state. They are expected to apply "minimum necessary" practices for routine workers' compensation disclosures, often using standard protocols.

    With your healthcare provider being covered under HIPAA, you have important privacy rights, including:

    • Right to a Notice of Privacy Practices explaining how the plan may use and share your protected health information and what rights you have.
    • Right to access your records—to inspect and obtain a copy of the health information the plan holds about you. Limited exceptions include psychotherapy notes and information compiled for legal proceedings (prepared in anticipation of, or for use in, a civil, criminal, or administrative action), though you may still be able to access the underlying records. Other limited denial situations can include certain correctional settings, temporary research-related suspensions you agreed to, information restricted by another law, or information obtained from a non-health care provider under a promise of confidentiality. In rare cases, access may be denied (or denied subject to review) if access is likely to endanger someone's life or physical safety or cause substantial harm, including in some situations involving a personal representative.
    • Right to request a correction or amendment to health information the plan maintains about you.
    • Right to an accounting of disclosures of your health information made in the prior six years (with the major exception of disclosures made for treatment, payment, and health care operations).
    • Right to request restrictions on certain disclosures, including a special right to restrict disclosure to a health plan for a service you pay for out of pocket in full.
    • Right to request confidential communications, such as being contacted at a different address or phone number, or through a safer method.
    • Right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your plan violated HIPAA's privacy or security rules.

    What to do: When your medical information is being shared for workers' compensation purposes, read any authorization forms carefully and limit them to what's required by your state's workers' compensation law; ask your health care provider what information will be disclosed and under what authority, request that "minimum necessary" standards be applied, keep copies of all authorizations and communications, and if you believe your information was disclosed more broadly than permitted, consider filing a HIPAA complaint with the U.S. Department of Health and Human Services. If you have an incident to report, please let us know.

  2. Your right to limit broad medical authorizations in workers' compensation claims

    Even though your healthcare providers disclose information as required or authorized by workers' compensation law, your insurer or employer may ask you to sign broad releases. Your most practical protection is to limit the scope of your consent (based on dates, providers, body components or condition, purpose, and recipients) and to ask for a copy of whatever you sign.

    What to do: Before signing any workers' compensation release, read it carefully and narrow it to the minimum necessary (by time period, providers, conditions, purpose, and recipients); ask whether a more limited authorization will satisfy the request, keep a copy of everything you sign, and document any concerns if you believe the request goes beyond what workers' compensation law requires. If you have an incident to report, please let us know.

  3. How the Americans with Disabilities Act protects your workplace medical information

    If your employer obtains your medical information through disability-related inquiries, exams, or related processes, the Americans with Disabilities Act requires that your information be kept confidential, stored separately from personnel files, and shared only on a limited need-to-know basis (e.g., restrictions or accommodations, first aid or safety, or government investigators).

    What to do: If you believe your employer has improperly accessed, stored, or shared your medical information, document what happened, consider requesting clarification in writing about who has access to your records and for what purpose, and consider filing a complaint with the Equal Employment Opportunity Commission or your state fair employment agency; keep copies of all communications and records. If you have an incident to report, please let us know.

 

Understanding your patient privacy rights in workers’ compensation—from HIPAA’s limits on provider disclosures, to your ability to restrict broad authorizations, to workplace confidentiality under the Americans with Disabilities Act—can help you safeguard sensitive medical information, respond to improper access, and assert control over how your data is shared during the claims process. To stay informed as rules and practices evolve and incidents occur, join our mailing list. And if you experience a concerning situation tied to your health information, please report the incident so we can track patterns and strengthen public accountability. Donate, as you are able, to support this work.

 


Note: The content above is general information for the public and is not legal advice for any specific situation. Rights and processes relevant to a particular situation can vary based on circumstances and additional state or federal laws.

This document was created and is maintained by PPR President Dr. Latanya Sweeney. Please share your feedback and let Dr. Sweeney know about the ways you've used it, and if you have any suggestions.

