
Federal and State Privacy Protections and Health Insurance


This article tells how state health privacy laws give you the right to keep your medical records private.

Here, learn about HIPAA and state laws in Texas protecting medical records and personal information privacy. Covered entities must follow these laws when using or disclosing personal health information. There are exceptions, and individuals have the right to access and request copies of their medical records.

Does federal law require my health information to remain private?

HIPAA (the Health Insurance Portability and Accountability Act) is a federal law that helps protect you and your family.

What does HIPAA do?

HIPAA (along with other federal laws such as the Affordable Care Act) says that your medical records must be kept private. This includes printed records, computer records, and anything said at your health provider’s office.

Does Texas have a HIPAA-like law?

Yes. Texas has two laws that seek to protect Texans’ privacy: the Texas Medical Records Privacy Act and the Texas Identity Theft Enforcement and Protection Act.

What do the Texas privacy laws do?

First, like HIPAA, Texas law uses broadly defined terms to make the rules applicable to anyone that creates, receives, obtains, maintains, uses, or transmits protected health information. “Covered entities” cannot use personal health information (sometimes called “PHI”) for any reason other than for providing treatment or for securing payment or for insurance purposes. Otherwise, the covered entity must get written permission from the individual before it can release the personal health information.

Texas law also seeks to protect “sensitive personal information” (such as your name when combined with a Social Security number, a driver’s license number or government ID number, or a credit card or debit card number). Businesses must implement and maintain reasonable procedures to protect the information and prevent unauthorized disclosures.

What is a “covered entity”?

The term “covered entity” includes insurance companies, Medicare, Medicaid, employers, schools, government agencies, health care providers, and businesses that handle health care information.

How does HIPAA protect my privacy?

HIPAA protects all information that could be used to identify you (i.e., your PHI), including:

  • Past, present, or future health
  • Health care or treatment
  • Payment for your health care

Are my health records and information private?

Yes. HIPAA set up new rules to protect your health information. These rules are called “Standards for Privacy of Individually Identifiable Health Information.” They apply to any person or group in the nation who handles your health records (“covered entities”), including:

  • Health insurance companies
  • Healthcare clearinghouses (like medical billing service companies) that process information they get from other health sources.
  • Health care providers

Unless you give your permission, your providers, insurance company, and any other company that handles your information must not share it.

This includes all your health information, whether it is on paper, sent electronically, or spoken.

Are there exceptions to the privacy rule?

Yes. Your doctor or health insurance company can share your private health information (PHI) without your permission for:

  • Treatment and healthcare
  • Payment
  • Public health reasons
  • Certain kinds of research

For example, your doctor can share your PHI with the hospital where you will have surgery, a specialist who will treat you, or to get paid for your care. But your doctor cannot give your PHI to a life insurance company unless you give specific written permission.

Only the minimum amount of information should be shared when your PHI is shared. Ask your doctor what information was shared and how it will be used.

Can anyone else see my health information?

Yes, but only if you give written permission. Here are some examples:

  • You can appoint someone, such as the person who is your power of attorney for health care, to see your records if needed.
  • You can allow someone to pick up your prescriptions at the drugstore.
  • If you are a parent, you can see your child’s medical records unless your child has consented to care that does not require your permission.

Can I see my medical records or get copies of them?

Yes. Texas law says you can see and copy your records. And if you find mistakes, you can ask to have them fixed.

Does HIPAA protect reproductive health care information?

Yes. HIPAA protects information relating to abortion and other sexual and reproductive health care. The federal Privacy Rule does not prevent disclosures that are expressly required by state law. However, the Privacy Rule says that covered entities should disclose only the information relevant to the specific requirements of the state law.

Disclosures that do not meet the “required by law” definition in HIPAA rules, or that exceed what is required by state law, do not qualify as permissible disclosures.

The Privacy Rule’s permission to disclose PHI without an individual’s authorization is limited to “a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law.”

Current Texas law prohibits almost all abortion procedures. Texas law also requires physicians to submit reports to the state detailing specific information about abortions that they do perform. However, the physician reports cannot identify the patient by any means. If you would like more information on HIPAA and privacy rights surrounding reproductive healthcare, you can visit the federal Health and Human Services website at HIPAA and Reproductive Health.

Be aware that this is a rapidly changing area of law. Consult an attorney if you need specific legal advice.

What if I think my privacy has not been protected?

It is a crime to violate your privacy. You can file a complaint with the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) by mail, fax or email. If you need help filing a complaint or have a question about the complaint form, please visit the OCR website at How to File a Civil Rights Complaint | Guidance Portal or call the OCR toll-free number: 800-368-1019.
