Medical Records, Privacy, Accuracy, and Patients' Rights

Medical records are now stored electronically.

Medical records are the footprints you make through the medical system. From the moment you are born, your medical records are a chronology of everything that has affected your health or has created a medical problem.

Two decades ago, those records were kept entirely on paper, filed in folders in various doctors' offices and hospitals. Rarely were they called into question, and often they were ignored when new symptoms arose or a specialist was needed for any new medical problems that cropped up.

Nurse in scrubs holding medical chart in clinic
Hero Images / Getty Images

Electronic Storage

Today, nearly all doctor's office records are being recorded and stored electronically. One doctor on one side of the globe might be able to instantly access the records being kept by a provider located in a different corner of the world. More practically, when a primary care physician refers you to a specialist, your records are transferred electronically before you arrive and can be reviewed on a computer monitor.

This use of technology may seem like a great advance for patients and providers alike, and for the most part, it is. But the advancement of electronic medical record storage has also highlighted and expanded three problems:

  1. Privacy/Security: Who can legally access a patient's records and how may they be shared? What happens if medical records fall into the wrong hands?
  2. Errors/Mistakes in Patient Medical Records: If mistakes are recorded in a patient's file, they may be replicated through the use of electronic record-keeping.
  3. Denials: Covered entities are required by law to provide patients with copies of their medical records, but not all records are provided the way they should be. What processes are in place to be sure patients can get copies of their medical records?


These questions were first addressed in the mid-1990s with the passage of the Health Information Portability Accountability Act (HIPAA). HIPAA is a federal law that required a set of national standards to protect patients' health information from being disclosed without their consent. HIPAA addresses the privacy and security of patient medical records, and the remedies available to patients when those records are not shared correctly or contain errors.

HIPAA laws can sometimes cause confusion among providers, facilities, insurers, and patients when it comes to electronic health records. While electronic records make it easier to share data, they can also be used to violate HIPAA laws or at least the intent of the laws. Concern also exists about security on devices like smartphones and what information can be exchanged among healthcare providers, patients, and organizations.

Data can be hacked or manipulated, so security systems are needed to protect patient information. For electronic records, HIPAA illustrates a three-tier model of administrative, physical, and technical safeguards. Examples include employing HIPAA consultants (administrative), controlling physical access (physical), and using antivirus software (technical).

It's important to make sure your records are being handled correctly, not falling into the wrong hands, and are shared with you appropriately. Your records, whether they are shared electronically or are simply copied or faxed, can cause problems including denial of insurance, missing out on a job offer, receiving the wrong treatment, or medical identity theft.

What To Do

To help ensure that your medical records are accurate and shared correctly:

Empowered patients understand that monitoring medical records is a right as well as a responsibility.

5 Sources
Verywell Health uses only high-quality sources, including peer-reviewed studies, to support the facts within our articles. Read our editorial process to learn more about how we fact-check and keep our content accurate, reliable, and trustworthy.
  1. Evans RS. Electronic Health Records: Then, now, and in the futureYearb Med Inform. 2016;25(Suppl 1):S48-S61. doi:10.15265/IYS-2016-s006

  2. Centers for Disease Control and Prevention. Electronic Medical Records.

  3. Centers for Disease Control and Prevention. Health Insurance Portability and Accountability Act of 1996.

  4. Harman, LB, et al. Electronic Health Records: Privacy, confidentiality, and securityAMA J Ethics. 2012;14(9):712-719. doi:10.1001/virtualmentor.2012.14.9.stas1-1209

  5. Kruse C, Smith B, Vanderlinden H, Nealand A. Security techniques for the Electronic Health RecordsJ Med Syst. 2017;41(8). doi:10.1007/s10916-017-0778-4

Additional Reading

By Trisha Torrey
 Trisha Torrey is a patient empowerment and advocacy consultant. She has written several books about patient advocacy and how to best navigate the healthcare system.