What happens if I refuse my employer access to my medical records?

Asked by: Dr. Chet Crist  |  Last update: July 2, 2025

Although your employer has no legal right to obtain your medical records, reviewing them would provide an efficient way to evaluate your condition. If you are unwilling to provide the records, your employer could require you to undergo an independent medical examination to secure the same information.

Should HR have access to medical records?

Because this information is both sensitive and retained on a “need-to-know” basis, both state and federal laws require employers to keep medical information obtained about employees confidential and separate from the employee's personnel file.

Is it a HIPAA violation for an employer to ask for medical records?

Per HIPAA, the US federal law concerning medical information, your employer does not have the right to ask your medical provider directly for your information without your explicit consent. But they can ask you.

Do employers have a right to medical records?

An employer has no legal right to an employee's medical records, but he may have a right to request a letter from an attending doctor or department saying that the patient received medical care from, say, the emergency department.

Can you get fired for accessing your own medical records?

If you did not have authorized access, whether you get fired for looking at your own medical records depends on your employer's sanctions policy.

Can a private employer violate HIPAA?

Can I sue my employer for violating my HIPAA rights?

HIPAA says a lot of things, including that private health information needs to stay private. Now, there is no private right of action under HIPAA, and what that means is, if your rights are violated under HIPAA, in general, you can't sue for that violation under HIPAA.

Can your medical records be used against you?

In most states, an attorney can subpoena medical records. However, in some states medical records obtained by an attorney via a deposition subpoena can only be used during the discovery process and are not admissible as evidence in court (also see the next FAQ).

What is the employer's responsibility regarding employee medical records?

Yes. California law obligates an employer who receives medical information “to ensure the confidentiality and protection from unauthorized use and disclosure of that information.” An employee who experiences economic loss or personal injury because an employer fails to maintain the confidentiality of her medical ...

What is a HIPAA violation in the workplace?

A HIPAA violation in the workplace is any failure to comply with the standards and implementation specifications of the HIPAA Administrative Simplification Rules (i.e., the HIPAA Privacy, Security, and Breach Notification Rules) when the workplace is controlled by an entity subject to the Health Insurance Portability ...

Can my boss tell other employees about my medical condition?

In California, employers are generally prohibited from disclosing a worker's medical information to other employees. State laws provide important safeguards to protect employee privacy.

Can my employer see my prescriptions?

According to the ADA, employers are not allowed to ask potential new hires about their prescription drug history before they offer a job to the applicant. Speaking in generalities, employers can ask the applicants if they will be able to fulfill all the stated job duties in the job opening description.

How long does a HIPAA violation stay on your record?

How long a violation stays on a person's record depends on the nature and severity of the infraction. The HIPAA violation will likely remain if it's relatively severe and intentional. Such violations can include deliberately leaking or sharing protected health information (PHI) or stealing a patient's identity.

Can an employer call your doctor to verify a note?

If you're wondering whether your employer can call your doctor to verify a note, the answer is yes, but only to confirm the authenticity of the certification, not to inquire about specific medical details.

Can my employer force me to see their doctor?

While you do have the right to select your own treating physician, your employer still has a right to have you examined by a doctor of their choosing as often as you desire. If you refuse to let your employer's doctor examine you, you may lose your rights to workers' compensation benefits.

Can you look up your own medical records at work?

If you work in the same place where you receive health-care services, it is not a HIPAA violation to view your own records, but it may be a violation of your employer's policy.

Can HR look through your phone?

If you have a company-provided cell phone, your employer probably has the right to view your text messages, as well as other phone content and activities, such as your contacts and even what you do on social media.

Can you lose your job for violating HIPAA?

Though the Department of Health and Human Services can penalize organizations for HIPAA violations, it does not dictate whether an individual should lose their job over one. This decision rests with the employer, who will consider factors such as the severity of the breach and the factors that led to it.

Will a HIPAA violation show up on a background check?

Regardless of the sentence imposed, the HIPAA violation, the consequences of the HIPAA violation, and the penalty for the HIPAA violation will become public record and will show up on a background check.

What is a HIPAA violation of medical records?

A HIPAA violation refers to the failure to comply with HIPAA rules, which can include unauthorized access, use, or disclosure of Protected Health Information (PHI), failure to provide patients with access to their PHI, lack of safeguards to protect PHI, failure to conduct regular risk assessments, or insufficient ...

Who should not have access to employee medical records?

Any records covered by HIPAA are not to be shared with anyone unless you have the employee's permission. For instance, if you uncover that an employee has sleep apnea by reading the quarterly report from your company's medical program, it must remain confidential under HIPAA.

What is a breach when working with medical records?

Breaches in medical records can refer to a wide range of security issues that endanger a patient's confidentiality and trust in an organization. At its core, a data breach occurs anytime information is accessed without authorization, which can occur in a myriad of ways.

What questions can an employer ask about your health?

Questions such as whether an employee is able to work, or when they expect to be healthy enough to return to work, are perfectly acceptable. However, the employer is not able to ask direct questions about the specifics of the medical condition.

What happens if I decline HIPAA authorization?

If you decline a HIPAA authorization request, the consequences depend on the purpose of the request. Generally, covered entities are not allowed to condition the provision of treatment, payment, enrollment in a health plan, or your eligibility for benefits on a HIPAA authorization. However, there are a few exceptions.

Can I see who has accessed my medical records?

You can request an “accounting of disclosures,” which will tell you everyone who has received your health records for the past six years for purposes other than treatment, payment and health care operations.

What is the federal law for patient access to medical records?

The Privacy Rule generally requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more "designated record sets" maintained by or for the covered entity.