Guide To Keeping Your Health Records Secure

What is it? Control Over My Health Records? Keep My Records Secure?

Your health records are arguably one of the most private documents about yourself. They contain not only your general information such as name, date of birth, address, etc. But they also contain almost every detail about your health such as the diagnoses you have received, procedures you have undergone, and all the medications you take.

When you go to the doctor or any other health care provider, your medical history will be recorded and kept in a computer and sometimes paper file so the doctor can keep track of any of your symptoms and past conditions.

Over the last few decades, efforts have been made in the medical community to have become a community standard because they are more secure, the streamline the process of getting and reviewing your health information from one provider to the other, and they have the potential to avoid redundant medical tests and incorrect diagnoses by keeping up-to-date and accurate information readily available for providers.

The implementation of electronic medical records also brought a wave of concern regarding how the electronic medical records were going to protect the patient and keep their information confidential and secure at all times.

What Is HIPAA?

In 1996 the United States congress enacted Health Insurance Portability and Accountability Act (HIPAA), that among other things, mandates any person, agency or entity on the medical industry that handles your personal health information to keep it secure and confidential.

External link: What Is HIPAA?

Through 18 identifiers, HIPAA lists what kind of information is legally considered personally identifiable information. Any health-related information including diagnoses, lab results, treatment plans, etc. that contain any of the 18 HIPAA identifiers is considered protected health information (PHI) and must be handled according to the law.

These 18 identifiers are:

  • Names
  • Address (all geographic subdivisions smaller than state, including street address, city, county, and zip code)
  • All dates and elements that can make it possible to identify a person’s age.
  • Telephone numbers
  • Fax number
  • Email address
  • Social Security Number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate/license number
  • Any vehicle or other device serial number
  • Web URL
  • Internet Protocol (IP) Address
  • Fingerprint or voice recordings
  • Photographic image, not limited to just the face
  • Any other characteristic that could make it possible to uniquely identify an individual

HIPAA also applies to clinical research; clinical trials or any other kind of research studies that handle either directly or indirectly any PHI, must take special data safety precautions when handling this information. Data for publication, reporting, or correspondence must be made completely unidentifiable prior to release.

  • Validation of Chlamydia Diagnostic Codes in TriNetX US EHR Data
    on January 26, 2026 at 5:00 am

    Conditions: Chlamydial Infections Sponsors: Sanofi Recruiting

  • MPN PROGRESSion Registry: Observational Study Tracking Symptoms, Treatments, and Disease Progression in People With Myeloproliferative Neoplasms (MPNs)
    on January 23, 2026 at 5:00 am

    Conditions: Polycythemia Vera; ET (Essential Thrombocythemia); Polycythemia Vera (PV); Essential Thrombocythemia (ET); Primary Myelofibrosis (MF); Primary Myelofibrosis (PMF); Myelofibrosis; Myelofibrosis (MF); Myelofibrosis, Primary; Myelofibrosis, Post ET; Myelofibrosis, Post PV; Myelofibrosis (PMF); Myelofibrosis,MF; Myelofibrosis; Primary Myelofibrosis; Post-polycythemia Vera Myelofibrosis; Post-essential Thrombocythemia Myelofibrosis; Myelofibrosis Due to and Following Polycythemia Vera; Myelofibrosis Transformation in Essential Thrombocythemia; Myelofibrosis With High Molecular Risk Mutations; MF; Secondary Myelofibrosis; Secondary Myelofibrosis in Myeloproliferative Disease; Secondary Myelofibrosis (Post-Polycythemia Vera Myelofibrosis, Post-Essential Thrombocythemia Myelofibrosis); Post-Polycythemia Vera Myelofibrosis; Post-polycythemia Vera Myelofibrosis (PPV-MF); Post-polycythemia Vera Myelofibrosis (Post-PV MF); Post-polycythemia Vera Myelofibrosis(Post-PV MF); Post-PV MF; Post-Essential Thrombocythemia Myelofibrosis; Post-essential Thrombocythemia Myelofibrosis (PET-MF); Post-essential Thrombocythemia Myelofibrosis(Post-ET MF); Post-essential Thrombocythemia Myelofibrosis (Post-ET MF); Post-ET MF; Pre-fibrotic Myelofibrosis; Myeloproliferative Disorder; Myeloproliferative Disorders; Myeloproliferative Disorders (MPD); Myeloproliferative Neoplasms (MPNs); Myeloproliferative Neoplasm(MPN)-Associated Myelofibrosis; Myeloproliferative Neoplasm With 10% Blasts or Higher; Myeloproliferative Neoplasms; MPN; MPN (Myeloproliferative Neoplasms); MPN-associated Myelofibrosis; Myeloproliferative Neoplasm, Unclassifiable; Myeloproliferative Neoplasm, Not Otherwise Specified; Accelerated Phase MPN; Accelerated Phase Myeloproliferative Neoplasm; Blast Phase MPN; Blast Phase Myeloproliferative Neoplasm; Thrombocythemia Myelofibrosis (PET-MF); Thrombocythemia, Essential; Thrombocythemia, Hemorrhagic; Agnogenic Myeloid Metaplasia; Chronic Idiopathic Myelofibrosis; Idiopathic Myelofibrosis; MDS/MPN Crossover Syndromes Sponsors: MPN Research Foundation; Sobi, Inc.; Karyopharm Therapeutics Inc; GlaxoSmithKline; Memorial Sloan Kettering Cancer Center Recruiting

  • EnCoRe MoMS: Engaging Communities to Reduce Morbidity From Maternal Sepsis (Aim 1)
    on January 21, 2026 at 5:00 am

    Conditions: Maternal Sepsis; Infections Interventions: Behavioral: Maternal Sepsis Safety Bundle Sponsors: Columbia University; Northern Manhattan Perinatal Partnership; Eunice Kennedy Shriver National Institute of Child Health and Human Development (NICHD) Recruiting

  • A Study of Tirzepatide (LY3298176) Compared With Standard of Care in Adult Participants With Obesity and Without Diabetes (SURMOUNT-REAL UK)
    on January 21, 2026 at 5:00 am

    Conditions: Obesity Interventions: Drug: Tirzepatide; Other: Standard of Care Sponsors: Eli Lilly and Company Recruiting

  • A Study to Assess the Long-Term Safety of Ustekinumab Versus Other Biologics in Patients With Crohn's Disease and Ulcerative Colitis
    on January 16, 2026 at 5:00 am

    Conditions: Crohn Disease; Colitis, Ulcerative Interventions: Drug: Ustekinumab; Drug: Other Biologic Therapies Sponsors: Janssen Scientific Affairs, LLC Recruiting

  • Children at Risk and Oral Health, The Dental Record Study
    on January 14, 2026 at 5:00 am

    Conditions: Child Abuse; Child Neglect; Child Maltreatment Sponsors: Oral Health Centre of Expertise in Western Norway; Childrens advocacy center Bergen Norway; The public dental health service Vestland Norway; Oral Health Center of Expertise Rogaland, Norway Recruiting

  • A Trial to Improve Family Clinical Note Access and Outcomes for Hospitalized Children
    on December 18, 2025 at 5:00 am

    Conditions: Hospitalized Child; Pediatric Patient Safety; Medical Errors; Parental Engagement in Care; Inpatient Pediatric Care Interventions: Other: Access to medical notes Sponsors: University of Wisconsin, Madison; Agency for Healthcare Research and Quality (AHRQ); Pediatric Research in Inpatient Settings (PRIS) Network Recruiting

  • Support Tool for Antibiotic Allergy deLabeling
    on December 16, 2025 at 5:00 am

    Conditions: Antibiotic Allergy Interventions: Other: EPR search Sponsors: Universitaire Ziekenhuizen KU Leuven; Noorderhart Pelt; AZ Herentals; Heilig Hartziekenhuis, Mol; AZ Turnhout; Sint-Jozefskliniek Izegem Recruiting

  • Improving Pediatrician Counseling About Infant Safe Sleep Using the Electronic Medical Record
    on December 9, 2025 at 5:00 am

    Conditions: Sudden Infant Death; Sudden Unexplained Infant Death Interventions: Behavioral: ISA-MI; Other: Standard of Care (SOC) Sponsors: Johns Hopkins University; National Institute on Minority Health and Health Disparities (NIMHD) Recruiting

  • Using Reinforcement Learning to Personalize Electronic Health Record Tools to Facilitate Deprescribing
    on November 19, 2025 at 5:00 am

    Conditions: Aging Interventions: Behavioral: Reinforcement learning Sponsors: Brigham and Women's Hospital; National Institute on Aging (NIA); Atrius Health Recruiting

  • Promoting Preconception Care and Diabetes Self-Management Among Reproductive-Aged Women With Diabetes
    on November 18, 2025 at 5:00 am

    Conditions: Diabetes Mellitus, Type 2; Electronic Health Record; Primary Health Care; Reproductive Behavior Interventions: Behavioral: Medication Reconciliation (MedRec) Tool; Behavioral: Provider Alert and Decision Support; Behavioral: PREPSheet; Behavioral: Text Messaging Sponsors: Northwestern University; Northwestern Memorial Hospital; AllianceChicago Recruiting

  • Liquid Biopsy Based NGS in Newly Diagnosed NSCLC
    on November 5, 2025 at 5:00 am

    Conditions: Non Small Cell Lung Cancer Metastatic; Newly Diagnosed NSCLC; Non-Squamous Non-Small Cell Neoplasm of Lung Interventions: Behavioral: iNUDGE Sponsors: Charu Aggarwal; Eli Lilly and Company Recruiting

Do I Have Control Over My Health Records?

In the United States, different states have different laws regarding the extent of the access and ownership each patient has over his or her medical records. In 49 states except New Hampshire, the patient cannot claim legal rights over their medical record, and must follow different rules to obtain them.

Some doctor offices upload patient’s medical records to a secure web portal where the patient can access his or her record. However, doctors are not obligated to do this nor to disclose the entirety of the patient’s record.

However, with the exception of psychiatry and psychotherapy notes, which you don’t have the right to access, in all states youhave the right to request a copy of your medical records and they must be provided to you. Also, providers also must ask your explicit permission before sending your records to another medical provider or third party.

External link: Your Medical Records

What Can I Do To Keep My Records Secure?

Though the privacy rules under HIPAA were implemented to keep your medical and personal information confidential and secure, only healthcare providers and third parties doing business with them are mandated to follow HIPAA rules.

This means that if you request your health information and want to keep it for your own personal records, you should be very mindful of how and where you will be storing it to keep it private and secure at all times.

Here are some tips on how to keep your health records secure:

  • If you want to store any of your medical information in a software or app research how they keep their user’s information secure, and read their terms and conditions to make sure you agree how your information will be handled.
  • Don’t post or share online any of your health information that you don’t want to be made public. Any content or information posted on the Internet may remain permanently even after you delete it.
  • If you decide to store your medical records on your personal computer consider installing encryption software.
  • Protect any folders or files with passwords.
  • Use a strong password and don’t share it with anyone.

External link: How To Keep Your Health Information Private and Secure