You may like to think you're the only one with access to your personal medical records, but you're not; in fact, many different parties are allowed to see your records, your financial account information, and insurance information.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 set national standards in the U.S. for how personal health information is handled and shared. Under HIPAA, you have certain rights when it comes to your personal health information: the right to a copy of your health information, the right to correct any errors or make changes to your information, the right to restrict certain uses of your information, and the right to know who other than you has seen your information. Remember, it isn't only you and your doctor who can see (and have seen) what goes in that file. An account manager using a computer to electronically verify your insurance eligibility, for example, has access to your health information, but under HIPAA rules, the health information that's personally identifiable -- we'll get to what that means in a moment -- is hidden from anyone who just wants to take a peek in your file.
Parties with legitimate access to your medical records are called covered entities and are supposed to comply with HIPAA rules. Covered entities include health care providers (doctors, nurses, dentists, hospitals, clinics, pharmacies, etc.) who conduct health care transactions electronically, health plans (including such parties as health insurance companies, HMOs, Medicare and Medicaid), health care clearinghouses and third-party business associates (which include such parties as claims processors, billing companies or IT specialists) [source: HRSA].
Compliance with HIPAA means covered entities have certain responsibilities when it comes to keeping your data private and secure.