Massachusetts law about medical privacy

A compilation of laws, regulations, cases and web sources on medical records privacy law by the Trial Court Law Libraries.

Table of Contents

Best bet

HHS Office for Civil Rights: HIPAA 
Site links to just about every important document related to HIPAA standards for protection of the privacy of medical information, including laws, regulations, information for consumers and providers, and fact sheets on a variety of related topics

Massachusetts laws

MGL c.111, s.70 Copies of Medical Records; Fees
MGL c.111, s.70E Patients' Rights Law
MGL c.111, s.70F HIV Testing
MGL c.112, s.12CC Inspection of Records by Patient or Representative
MGL c.112, s.172A Mental Health Client Confidentiality
MGL c.123, s.36 Mental Health Records
MGL c.149, s.19A Copies of Reports of Employer-Required Physical Exams
MGL c.176O, s.27, as amended by St.2018, c.63 (S.2296) Protecting Access to Confidential Health Care (PATCH Act)
Creates procedures to ensure that patients may request that they receive a summary of payment form directly, rather than having it sent to the insurance policyholder (such as a spouse or parent). Various provisions are effective in June, September, and December of 2018, and March of 2019.

Massachusetts regulations

105 CMR 300 Reportable Diseases
243 CMR 2.07(13) Requirement to Make Available Records, Permissible Fees

Federal law

Health Insurance Portability and Accountability Act of 1996 (HIPAA) , P.L. 104-191. The law creating strict guidelines for medical record confidentiality.

Federal regulations

45 CFR 160 General Administrative Requirements
45 CFR 162 Administrative Requirements
45 CFR 164 Security and Privacy "The Privacy Rule"

Web sources

Health Care Personal Representatives , U.S. Dept. of Health and Human Services
HIPAA (Health Insurance Portability and Accountability Act) includes a number of provisions to safeguard a patient's privacy. Yet "there may be times when individuals are legally or otherwise incapable of exercising their rights, or simply choose to designate another to act on their behalf with respect to these rights." "..the covered entity must treat the personal representative as the individual for all purposes under the Rule"

HIV, Mass. Department of Public Health
Beginning in January 2007, all cases of HIV infection will be reported by name, rather than by code. This is to bring the state in line with federal requirements.

Print sources

A guide to HIPAA security and the law, by Stephen S. Wu. American Bar Association, 2016.

Guide to Medical Privacy and HIPAA, by D'Arcy Guerin Gue, Thompson Pub. Group, loose-leaf

Medical Records Law in Massachusetts, Lorman Education Services, 2014

Medical Records Privacy Under HIPAA, by Michael M. Madigan and Elizabeth M. Bock, Matthew Bender & Company, Inc.

Obtaining and Using Medical Records in Massachusetts, MCLE



Within Massachusetts only

Within Massachusetts only


Reference librarians online Chat with a law librarian 
Reference librarians via email


Administrative office (no law library at this location)
2 Center Plaza
9th Floor
Boston, MA 02108
Last updated: April 18, 2018