Massachusetts law about medical privacy

A compilation of laws, regulations, cases and web sources on medical records privacy law by the Trial Court Law Libraries.

Table of Contents


Explaining HIPAA: No, it doesn’t ban questions about your vaccination status, Washington Post, May 22, 2021.

HIPAA, COVID-19 vaccination, and the workplace, U.S. Dept. of Health and Human Services, September 30, 2021.
Answers common questions about HIPAA and COVID-19 vaccination

What you should know about COVID-19 and the ADA, the Rehabilitation Act, and other EEO laws, Equal Employment Opportunity Commission.
See part K: Vaccinations.

Best bet

HHS Office for Civil Rights: HIPAA 
Site links to just about every important document related to HIPAA standards for protection of the privacy of medical information, including laws, regulations, information for consumers and providers, filing a complaint, and fact sheets on a variety of related topics

Massachusetts laws

MGL c.111, §70 Copies of medical records; fees

MGL c.111, § 70E Patients' rights law

MGL c.111, § 70F HIV testing

MGL c.112, § 12CC Inspection of records by patient or representative

MGL c.112, § 172A Mental health client confidentiality

MGL c.123, § 36 Mental health records

MGL c.149, § 19A Copies of reports of employer-required physical exams

MGL c.176O, § 27 Protecting access to confidential health care (PATCH Act)
Creates procedures to ensure that patients may request that they receive a summary of payment form directly, rather than having it sent to the insurance policyholder (such as a spouse or parent).

MGL c. 208, § 31  
"…custody of minor children shall not negate or impede the ability of the non-custodial parent to have access to the academic, medical, hospital or other health records of the child, as he would have had if the custody order or judgment had not been entered…"

Massachusetts regulations

105 CMR 300 Reportable diseases

110 CMR 11.22 Access to child’s medical records when in custody of DCF

243 CMR 2.07(13) Requirement to make available records, permissible fees

Federal law

Health Insurance Portability and Accountability Act of 1996 (HIPAA), P.L. 104-191.
The law creating strict guidelines for medical record confidentiality.

Federal regulations

45 CFR 160 General administrative requirements

45 CFR 162 Administrative requirements

45 CFR 164 Security and privacy "The Privacy Rule"

Web sources

Department of Mental Health privacy practices/HIPAA
Privacy Handbook, forms, policy on protected mental health information. 

Guide on the disclosure of confidential information: health care information, Mass. Court Improvement Program.
Includes guidance for health care providers, mental health and substance abuse professionals, and specific information for minors' health information.

Health care personal representatives, U.S. Dept. of Health and Human Services.
HIPAA (Health Insurance Portability and Accountability Act) includes a number of provisions to safeguard a patient's privacy. Yet "there may be times when individuals are legally or otherwise incapable of exercising their rights, or simply choose to designate another to act on their behalf with respect to these rights." "..the covered entity must treat the personal representative as the individual for all purposes under the Rule" See also Giving someone a power of attorney for your healthcare (multi-state guide and form)

Medical privacy, Electronic Frontier Foundation. 
Includes information on a variety of topics including abortion reporting, genetic information privacy, law enforcement access, public health reporting and national security and medical information.  

Privacy in medical billing, Mass. Department of Public Health.

Privacy, security and electronic health records, U.S. Dept. of Health and Human Services.  

Print sources

Guide to medical privacy and HIPAA, by D'Arcy Guerin Gue, Thompson Pub. Group, loose-leaf.

HIPAA : a practical guide to the privacy and security of health data, by June M. Sullivan, American Bar Association, 2020. 

Medical records law in Massachusetts, Lorman Education Services, 2014.

Medical records privacy under HIPAA, by Michael M. Madigan and Elizabeth M. Bock, Matthew Bender & Company, Inc.

Obtaining and using medical records in Massachusetts, 4th ed., MCLE, 2016.


Last updated: September 26, 2022