Your Guide to Health Care Privacy

Protecting the Privacy of Your Health Care Information

Protecting the privacy of your health information

Under federal privacy law, the Health Insurance Portability and Accountability Act (HIPAA), as well as under Illinois law, you have certain rights regarding the privacy of your confidential health information. Every time you are admitted to a hospital, visit a doctor's office, fill a prescription at the pharmacy, or send a health care claim to your insurance company, a record is made. Providers of health care services, including hospitals, physicians and dentists, as well as insurance plans that pay for services on your behalf, including Medicare and Medicaid, have a strict legal obligation to maintain the confidentiality of your health information.

Your rights under federal and Illinois law

There are certain standards that all health care providers and plans must follow. In general, the law gives you the following rights:

  • To receive adequate notice of the health care provider's or plan's privacy practices and to be informed about how your confidential health information will be used or disclosed.
  • To know to whom your confidential health information is disclosed, and for what purposes it is used.
  • To request reasonable restrictions on how your confidential health information is used or disclosed; however, your health care provider or plan is not required to agree to those restrictions or to continue treating you if you disagree with its privacy practices. You may also request that your health care provider not notify your health insurer of care you receive that does not require payment through your health insurance.
  • To have access to, inspect, and obtain a copy of any of your confidential health information that is maintained by your health care provider or plan. A written request to obtain a copy of your confidential health information must generally be granted within thirty days.
  • To request that your health care provider or plan correct any confidential health information which you believe is incorrect, and to place an objection in the record if your request to correct is not honored.
  • To reasonably request that your health care provider or insurer contact you about medical matters in a certain way (such as by phone or mail) or at a certain location.
  • To file a formal complaint with your health care provider, your health insurer, the state of Illinois, and the federal government for any violations of the law.

Permitted uses and disclosures

Health care providers and plans may use or disclose your confidential health information under limited circumstances:

  • Your health care providers or plans have the right to use and disclose your confidential medical information for treatment, payment, and health care operations, such as assessing and improving the quality of medical care.
  • Your health care providers and plans must not use or disclose your confidential health information for purposes other than treatment, payment, or health care operations without your specific written authorization.
  • Your health care providers may be required by law to disclose certain information to public health authorities that you might consider to be confidential when you have a communicable disease, such as AIDS or tuberculosis.
  • Your health care provider or plan must make a reasonable effort to limit the use and disclosure of your confidential health information to the minimum amount necessary; for example, it may not be appropriate for the receptionist at your doctor's office to have unlimited access to your entire medical record.

Your privacy rights are very important. Federal and state laws try to balance your right to privacy with the need for ready access to the health information necessary for you to receive quality health care. Your health care providers or plans must give you a copy of their notice of privacy practices in advance and make a good faith effort to obtain a written acknowledgement of your receipt.

You should ask to speak with your doctor, hospital, or health care plan or insurer if you have any questions relating to the privacy of your medical information.

Your privacy rights are very important. Federal and state laws try to balance your right to privacy with the need for ready access to the health information necessary for you to receive quality health care. Your health care providers or plans must give you a copy of their notice of privacy practices in advance and make a good faith effort to obtain a written acknowledgement of your receipt.

You should ask to speak with your doctor, hospital, or health care plan if you have any questions relating to the privacy of your medical information.


Prepared by the Illinois State Bar Association's Health Care Law Section (2016)


This pamphlet is prepared and published by the Illinois State Bar Association as a public service. Every effort has been made to provide accurate information at the time of publication.

For the most current information, please consult your lawyer. If you need a lawyer and do not have one, call Illinois Lawyer Finder at (800) 922-8757 or online www.IllinoisLawyerFinder.com