This page, Massachusetts law about medical privacy, is part of
This page, Massachusetts law about medical privacy, is offered by

Massachusetts law about medical privacy

A compilation of laws, regulations, cases and web sources on medical records privacy law by the Trial Court Law Libraries.

Table of Contents

Best bet

HHS Office for Civil Rights: HIPAA 
Site links to just about every important document related to HIPAA standards for protection of the privacy of medical information, including laws, regulations, information for consumers and providers, and fact sheets on a variety of related topics

Massachusetts laws

MGL c.111, §70 Copies of medical records; fees

MGL c.111, § 70E Patients' rights law

MGL c.111, § 70F HIV testing

MGL c.112, § 12CC Inspection of records by patient or representative

MGL c.112, § 172A Mental health client confidentiality

MGL c.123, § 36 Mental health records

MGL c.149, § 19A Copies of reports of employer-required physical exams

MGL c.176O, § 27 Protecting access to confidential health care (PATCH Act)
Creates procedures to ensure that patients may request that they receive a summary of payment form directly, rather than having it sent to the insurance policyholder (such as a spouse or parent).

Massachusetts regulations

105 CMR 300 Reportable diseases

243 CMR 2.07(13) Requirement to make available records, permissible fees

Federal law

Health Insurance Portability and Accountability Act of 1996 (HIPAA) , P.L. 104-191.
The law creating strict guidelines for medical record confidentiality.

Federal regulations

45 CFR 160 General administrative requirements

45 CFR 162 Administrative requirements

45 CFR 164 Security and privacy "The Privacy Rule"

Web sources

Health care personal representatives , U.S. Dept. of Health and Human Services
HIPAA (Health Insurance Portability and Accountability Act) includes a number of provisions to safeguard a patient's privacy. Yet "there may be times when individuals are legally or otherwise incapable of exercising their rights, or simply choose to designate another to act on their behalf with respect to these rights." "..the covered entity must treat the personal representative as the individual for all purposes under the Rule"

HIV, Mass. Department of Public Health
Beginning in January 2007, all cases of HIV infection will be reported by name, rather than by code. This is to bring the state in line with federal requirements.

Print sources

A guide to HIPAA security and the law, by Stephen S. Wu. American Bar Association, 2016.

Guide on the disclosure of confidential information: health care information, Court Improvement Program.
Includes guidance for health care providers, mental health and substance abuse professionals, and specific information for minors' health information.

Guide to medical privacy and HIPAA, by D'Arcy Guerin Gue, Thompson Pub. Group, loose-leaf

Medical records law in Massachusetts, Lorman Education Services, 2014

Medical records privacy under HIPAA, by Michael M. Madigan and Elizabeth M. Bock, Matthew Bender & Company, Inc.

Obtaining and using medical records in Massachusetts, MCLE.



Within Massachusetts only

Within Massachusetts only


Reference librarians online Chat with a law librarian 
Reference librarians via email


Administrative office (no law library at this location)
2 Center Plaza
9th Floor
Boston, MA 02108
Last updated: July 3, 2020