Best bet
HIPAA for individuals, U.S. Department of Health and Human Services.
"Learn your rights under HIPAA, how your information may be used or shared, and how to file a complaint if you think your rights were violated."
Massachusetts laws
MGL c. 111, § 70 Copies of medical records; fees
MGL c. 111, § 70E Patients' rights law
MGL c. 111, § 70F HIV testing
MGL c. 112, § 12CC Inspection of records by patient or representative
MGL c. 112, § 172A Mental health client confidentiality
MGL c. 123, § 36 Mental health records
MGL c. 149, § 19A Copies of reports of employer-required physical exams
MGL c. 176O, § 27 Protecting access to confidential health care (PATCH Act)
Creates procedures to ensure that patients may request that they receive a summary of payment form directly, rather than having it sent to the insurance policyholder (such as a spouse or parent).
MGL c. 208, § 31 Custody of children; shared custody plans
"…custody of minor children shall not negate or impede the ability of the non-custodial parent to have access to the academic, medical, hospital or other health records of the child, as he would have had if the custody order or judgment had not been entered…"
Massachusetts regulations
105 CMR 300 Reportable diseases
110 CMR 11.22 Access to child’s medical records when in custody of DCF
243 CMR 2.07(13) Requirement to make available records, permissible fees
Federal law
Health Information Technology for Economic and Clinical Health Act (HITECH), P.L. 111-5.
Requires hospitals or other health-related organizations to notify patients about breaches of personal health information. See Title XIII, page 112.
Health Insurance Portability and Accountability Act of 1996 (HIPAA), P.L. 104-191.
The law which created strict guidelines for medical record confidentiality.
Federal regulations
45 CFR 160 General administrative requirements
45 CFR 162 Administrative requirements
45 CFR 164 Security and privacy "The Privacy Rule"
45 CFR 171 Exceptions to information blocking
Forms
Sample HIPAA authorization form, MassLegalServices.
Web sources
General
Department of Mental Health privacy practices/HIPAA
Includes the Privacy Handbook, forms, and policy on protected mental health information.
Disposal of protected health information, U.S. Department of Health and Human Services.
Guide on the disclosure of confidential information: Health care information, Mass. Court Improvement Program.
Includes guidance for health care providers, mental health and substance abuse professionals, and specific information for minors' health information.
Health information & privacy: FERPA and HIPAA, CDC.
Information about the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA Rules for telehealth technology, U.S. Department of Health and Human Services.
"All telehealth services provided by covered health care providers and health plans must comply with the HIPAA Rules."
Individual choice, U.S. Department of Health and Human Services.
Information about HIPAA’s Privacy Rule, optional consent, and the right to request to restrict disclosures of protected health information.
Public health privacy notices, Mass. Department of Public Health.
Explains how DPH collects, uses and shares personal and health information. It also explains your rights with regard to this information.
Medical records and billing
Information blocking, HealthIT.gov.
Interferes with "the access, exchange, or use of electronic health information (EHI), except as required by law or specified in an information blocking exception." Sharing clinical notes with patients is now mandatory.
Medical records obligations, Mass. Board of Registration in Medicine.
Policies for Massachusetts physicians and handling of patient medical records, including medical record retention.
Privacy in medical billing, Mass. Department of Public Health.
Information for patients who are on someone else’s health insurance policy (like parent or spouse) about the possibility of keeping billing information private when receiving services.
Privacy, security and electronic health records, U.S. Department of Health and Human Services, Office of Civil Rights.
COVID-19 vaccinations
HIPAA, COVID-19 vaccination, and the workplace, U.S. Department of Health and Human Services, September 30, 2021.
Answers common questions about HIPAA and COVID-19 vaccination.
What you should know about COVID-19 and the ADA, the Rehabilitation Act, and other EEO laws, Equal Employment Opportunity Commission.
Print sources
Guide to medical privacy and HIPAA by D'Arcy Guerin Gue, Thompson Pub. Group, loose-leaf.
Health care law: A practical guide by Scott Becker, 2nd ed., Matthew Bender, loose-leaf. (eBook available with library card)
Chapter 20: Medical Information and Confidentiality.
HIPAA: A practical guide to the privacy and security of health data by June M. Sullivan, American Bar Association, 2020.
HIPAA compliance handbook by Patricia Carter, Wolters Kluwer, 2024.
HIPAA law demystified by Brett Walker, MCLE, 2025.
Massachusetts health and hospital law manual, 4th ed., MCLE, 2023.
Chapter 9 HIPAA and HITECH.
Medical records law in Massachusetts by Mary Jo Kennedy, Lorman Education Services, 2014.
Medical records privacy under HIPAA by Michael M. Madigan, 2nd ed., Matthew Bender.
Obtaining and using medical records in Massachusetts, 4th ed., MCLE, 2016.
Contact
Online
| Last updated: | May 20, 2025 |
|---|