The state of California has been a battleground for medical privacy. With so many celebrities living here, and the public’s ever-increasing hunger for celebrity gossip, medical workers employed by a health provider sometimes give in to the temptation to “leak” private medical information about celebrities to tabloid media.

The late actress Farrah Fawcett was a medical privacy pioneer. When Fawcett learned in 2007 that the anal cancer that eventually took her life had returned, she told no one and asked her doctor’s cooperation in keeping the news under wraps. She suspected that someone at the UCLA Medical Center, where she received treatment, was providing her private medical information to the press. Four days later, the news was out.

UCLA eventually identified an administrative specialist who had received thousands of dollars from a tabloid in exchange for Fawcett’s medical information. The woman pled guilty to a felony charge of violating federal medical privacy laws.

Tabloids may not be clamoring to read your medical records, but you have the same medical privacy rights as celebrities in California have. The federal Health Insurance Portability and Accounting Act regulations guarantees you the following rights:

  • You have the right to review your medical records. You may obtain a copy of your records at your own expense. Many physicians’ offices and hospitals employ a records custodian who will handle requests that are related to your medical records. If you find an error in your medical records, you can make a written request that the error be corrected and ask that the provider respond in writing when the correction is made.
  • You have a right to receive a copy of your provider’s privacy policy the first time you visit the provider. The privacy policy explains whom your provider discloses your records to. For instance, your physician may send your blood sample, marked with your name, to a medical laboratory. If your provider discloses your medical information to any entity not included in the privacy policy, the provider must notify you of that disclosure.
  • You may request certain restrictions on disclosure of your records. For example, you may specify that you do not want a provider to disclose information about your medical condition to family members, or you may specify which family members are approved for disclosure. If a friend or acquaintance works for your physician, you can request that that person not be allowed to have access your records.
  • Finally, you may request an accounting of everyone to whom your provider has disclosed your medical information for the last six years. Make your request in writing to the custodian of records, just as you would if you were requesting a copy of your medical records.

If you believe that a health provider or health insurance company has violated your rights under HIPAA, you may file a written complaint with the federal Department of Health and Human Services (DHHS). File your complaint within 180 days of the time you find out about the violation, and explain why you think the provider violated your privacy rights. The medical provider must cooperate with the DHHS investigation of your grievance.

Use common sense to keep your information private. If you have questions for your pharmacist, ask to speak to him or her in a private area instead of discussing your medical condition in front of their customers. Shred your invoices and insurance statements for medical care after you no longer need them. Before you correspond with your physician by e-mail, discuss privacy concerns with your physician’s office to assure yourself that your physician maintains adequate electronic security measures to protect your information.