Your medical and health information needs to be taken seriously. Learn what steps to take to protect your information and your privacy.

What You Need to Know About HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act. It is the federal law that governs how health insurance companies, doctors, clinics, pharmacies, hospitals, and other medical services (and the contractors that handle records on their behalf) manage and protect medical information.

HIPAA has limits, however. It applies to how healthcare providers, health insurance providers, and healthcare clearinghouses handle your information; it doesn’t cover information you control and choose to share about yourself with the public.

Many businesses and agencies provide health and wellness services or access health information, but aren’t covered entities under HIPAA. These include:

  • Researchers
  • Gyms and fitness clubs
  • Websites
  • Health apps
  • Schools

How to Protect Your Privacy

In today’s world of technology, you might be risking your privacy without even knowing it. There are things you can do to make sure your health privacy is protected.

Don’t post private health information online. Social media is a great way to connect with friends and family, but be careful about what you post about your health. Social media companies sell or share your information with advertisers, sometimes even with your name attached to the data.

Don’t post any information online that you don’t want to be public. This includes posting to groups, message boards, and forums.

Use an ad blocker. Websites use tracking tools such as cookies and embedded scripts to target ads to people who have searched for similar products. Companies leverage your search history and information to make a sale.

You’ve probably looked up a medical condition or procedure online. That search history can reveal a lot about your personal health. To protect your information, use an ad blocker extension in your browser. It will block annoying and targeted ads as well as many of the trackers and third-party cookies behind them. Check your browser’s privacy settings, too: most browsers can block third-party cookies on their own.

Don’t share your Medicare ID number. You will need to give your Medicare ID number to your doctor or hospital, but be cautious of anyone else who asks for this information. People can use your medical information to get prescriptions, surgeries, and medical care for themselves. This is a form of medical identity theft.

Beware of phone calls asking for your Medicare ID for a new prescription or test you weren’t expecting. Also avoid giving out your information at health fairs or to salespeople who tell you that certain kinds of testing can be billed to Medicare. These are scams.

As a general rule, don’t give out your information to strangers. 

Secure your paperwork. You might have paper copies of your medical records. Make sure you lock them in a secure cabinet and shred or burn any paperwork you don’t want or need. Don’t leave information out where others can easily see and read it. If you get copies of medical documents in the mail, make sure to check your mail regularly and consider switching to paperless.

Don’t access and print health records from public places or your workplace where others can access your files. Instead, ask your doctor to print them for you and collect them from their office, or have them send the information directly to your new doctor.

Remember that medical records include papers like:

Think before you disclose. You might encounter situations where businesses or employers ask you to disclose your personal health information. You generally have the choice to decide what information you tell others. 

Before giving out your information, consider whether it’s necessary. For example, let’s say you have a workplace injury that should be covered under workers’ compensation insurance. If you want to receive benefits, you’ll likely want to disclose your health information about that injury to your employer.

Most businesses are not covered entities under HIPAA. This means they can ask you questions about your health, but you don’t have to answer. If you feel it’s not necessary or don’t want to give the information, you can decline.

Check your records. If you get unexpected medical bills for services you didn’t receive, or a notice that you’ve reached your insurance limits when you haven’t been to the doctor, check your records. This could be a sign that someone is using your medical information.

You have a right to access your records and to have any errors corrected. Call your doctors, pharmacies, any hospitals you've visited, and anywhere else you have medical records and ask for a copy.

Carefully review the records and look for anything out of place, like conditions you don’t have or visits you didn’t make. If there are any errors, inform your healthcare provider in writing. Send a letter by registered mail and keep a copy and the postage receipt. Under HIPAA, the provider must give you a copy of your records within 30 days of your request and must act on a request to correct them within 60 days.


You can take a leading role in protecting your health privacy. If you think you’ve been a victim of medical identity theft, report it to the Federal Trade Commission at IdentityTheft.gov.

Sources


Consumer Reports: “How to Keep Your Health Information Private,” “How to Protect Your Health Data.”

Federal Trade Commission: “What To Know About Medical Identity Theft.”

The Office of the National Coordinator for Health Information Technology (ONC) “What You Can Do to Protect Your Health Information.”

Privacy Rights Clearinghouse: “Health Privacy: HIPAA Basics.”

U.S. Department of Health & Human Services: “Employers and Health Information in the Workplace.”

© 2021 WebMD, LLC. All rights reserved.