It is important for everyone to have a complete copy of their medical records. In some cases, your health care providers will allow you to see part of your records through an online account, but those records don’t usually display your complete file.

Having a copy of your records helps you to:

  • Ensure the information is correct and fix or clarify any information with your health care team
  • Avoid repeating tests or other procedures
  • Coordinate care more efficiently between your different health care providers, pharmacists, and treatment facilities
  • Share them with new or potential health care providers (e.g., to get a second opinion)
  • Share them with family or friends who are acting as caregivers
  • Apply for disability benefits – see the Quick Guide to Disability Insurance
  • Appeal denials of health insurance coverage – see the Quick Guide to Appeals for Employer-Sponsored and Individual Health Insurance

Federal Law: Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA gives you the right to receive, inspect, and review copies of your medical and billing records from health plans and health care providers who are covered by HIPAA. The HIPAA Privacy Rule includes rules that protect the privacy of your health care information.

Who is required to protect your medical information under HIPAA?

Health care entities that are required to protect your privacy under HIPAA include:

  • Health care providers: Every health care provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions, including claims, benefit eligibility inquiries, referral authorization requests, and other transactions under the HIPAA Transactions Rule.
  • Health plans: Entities that provide or pay the cost of medical care (e.g., health, dental, vision, and prescription drug insurers; Medicare; Medicaid; Medigap insurers; long-term care insurers (excluding nursing home fixed-indemnity policies); employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans).
  • Business associates: A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform functions, activities, or services including claims processing, data analysis, utilization review, and billing.

Employers are generally not covered under the HIPAA Privacy Rule, but other federal laws protect the privacy of medical information at work (e.g., ADA, FMLA). For more information, see the Quick Guide to Disclosure, Privacy, & Medical Certification Forms.

When can I request my medical records?

  • You can request a copy of your medical records from your health care provider and/or health plan at any time, for any reason.

Will my unpaid bills affect my ability to retrieve my medical records?

  • A health care provider may not withhold access to your medical records because you may have an outstanding medical bill.

In what formats can I receive my medical records?

  • A patient can decide what format the medical records are provided in. Options include: email, paper, fax, mail, USB drive, digital/smartphone health apps with APIs, or an online portal.

Do I have to get the full medical record or can I receive a partial record?

  • You have the right to request a full or partial copy of your medical record. A full record is helpful for your own records or if you have a new provider. A partial record is helpful to access specific information, such as allergies, immunization history, test results, and medications. Providers must also make clinical notes available, including consultation notes, discharge summary notes, history and physicals, imaging narratives, laboratory and pathology report narratives, procedure notes, and progress notes.

What do I do if I want to correct something in my medical record?

  • If you think that there is information in your medical or billing record that is incorrect, you can ask your health care provider or health plan to make a change to your record. The health care provider or health plan must respond to your request and make the change or addition to your record. If they refuse, you have the right to submit a statement of disagreement that the provider or plan must add to your record.

Federal Law: 21st Century Cures Act (The Cures Act)

  • The Cures Act, passed in 2016, made it easier for patients to get copies of their health records. Hospitals and doctors cannot “block” patients from accessing their health records (known as “information blocking”). You have the right to see your electronic medical records “without delay” and without charge.

How much does it cost to request a copy of my medical records?

  • Hard Copies: Providers may charge reasonable, cost-based fees for copying and mailing medical records. You may not be charged a fee for searching and retrieving your records, nor if someone else searches for your records.
  • Electronic Records: Providers may also charge reasonable, cost-based fees for supplying copies of electronic health information. Per-page fees are not allowed if records are stored electronically; however, fees related to labor, supplies, postage, and preparation of explanations or summaries are.
  • Some states also allow for fees, and amounts vary by state. Learn more here.

After I request my medical records, how soon should I expect to receive them?

  • Under HIPAA’s Privacy Rule, providers must provide a patient with a copy of their medical records within 30 days of their request, or 60 days if records are kept off-site. If the provider cannot either respond or provide the records within this time frame, they can use one 30-day extension.
  • The Cures Act does not specify a time frame in which health care providers must provide patients with access to their electronic health records, but it does state that the records should be provided “without delay.”

Are there any situations in which my health records may be withheld from me?

  • Yes. Health records can be withheld if required by law, or if they fall within one of 8 exceptions to the Cures Act “information blocking” rule. For example, health records may be withheld if doing so would prevent harm to the patient or someone else. For details, visit here.

What do I do if I am denied access to my records or I believe my information was shared improperly?

  • To file a complaint about a possible HIPAA violation (denial of access to records or improper sharing of health information), contact the U.S. Department of Health & Human Services Office of Civil Rights online or at 1-800-368-1019.
  • To file a complaint about a possible Cures Act violation (information blocking), contact the Office of the National Coordinator for Health Information Technology (ONC) online. For details about how to submit a complaint, watch this video.

For more information about accessing medical records, see our Health Insurance Materials & Resources or visit CancerFinances.org.

Last reviewed for updates: 03/2024

Disclaimer: This handout is intended to provide general information on the topics presented. It is provided with the understanding that Triage Cancer is not engaged in rendering any legal, medical, or professional services by its publication or distribution. Although this content was reviewed by a professional, it should not be used as a substitute for professional services. © Triage Cancer 2024
