Do Health Insurance Companies Have Access to Medical Records? (2024)

It seems like there are new stories about data breaches every week — from credit card companies to hospital systems, no organization is invulnerable.

And besides breaches and hacks, there’s the concern that your information is legally accessible without your knowledge or explicit permission. What do your employer, doctor, and insurance provider know about you?

For instance, how much of your medical information does your health insurance company have access to?

Is it just your basic demographic information, or the details of every blood test, weigh-in, and check-up? Keep reading to learn more about your medical records, health insurance, and your rights under HIPAA.

Read More:

If you want to find another health insurer or just want to find the best health insurance rates, you can enter your ZIP code to compare health insurance rates now.

What Information Does Your Health Insurance Company Have Access To?

First things first: your health insurance company has access to some parts of your medical records, but only those which are necessary for it to do its job.

Most of the information your insurance company can view relates to payment processing and eligibility.

Let’s look at some of the information your insurance company needs access to. (For more information, read our “How to Access the Medical Information Bureau (MIB)“).

Healthcare Eligibility

When you apply for health or life insurance, the insurance company may request some information to determine your eligibility for coverage in accordance with your life insurance underwriting guidelines.

However, this does not extend to your entire medical history.

Typically, insurance companies belong to the Medical Information Bureau or the MIB. This is where they’ll go to get medical record information about you. (For more information, read our “Medical Information Bureau (MIB): What It Does & How It Works“).

The information about you in the MIB database is not extensive and doesn’t contain detailed reports about any medical exam, lab tests, x-rays, or any other specific personal information. Instead, it keeps track via codes that refer to broad categories of any medical condition. Insurance companies use these codes to determine if they need further information about an applicant before insuring them.

Three important things to know about MIB reports include:

• You can request a copy of your MIB report to see the same information insurance companies see.
• Your doctor cannot send information about you to the MIB without your written authorization.
• Information stays on file with the MIB for seven years.

The information the MIB has is for underwriting purposes and is meant to protect insurance companies from inaccurate insurance applications.

Information to Authorize Payment

Once you have insurance, your healthcare and pharmacy providers begin a regular line of communication with your insurer via billing.

Your insurance company needs to know what they’re processing payments for. Therefore, providers and their billing departments will share information relating to:

• Test results – If a medical test reveals that you have a condition that requires follow-up and treatment, your insurance company will need to know about it so that they can authorize payment on the treatments. They’ll also need to know if your doctor requests testing or lab work for you.
• Treatment plans – While every detail of your treatment plan isn’t needed, your insurance company will be informed of procedures, tests, and other elements of care that they’ll be billed for and required to make a payment on.
• Medical history – While your insurance company cannot request your entire medical history, they will need to know information related to the history of symptoms, treatments, and testing for a procedure you need or elect to have done. The insurer will need to see a demonstrated need for the procedure to authorize payment for it. It’s important to note, though, that they only need information demonstrating a medical need for a procedure — that doesn’t mean they’ll have access to every aspect of your condition or situation.

What Rights Do You Have to Protect Your Health Information?

You have the right to protect your health information to the fullest extent possible.

That being said, there are times when it’s necessary to share some information with providers and insurers so that you can receive treatment and your insurance company can make payments on your behalf.

You’ve probably heard of HIPAA, but in case you’re not entirely familiar with the protections it offers, we’ll review them.

What is HIPAA?

The Health Insurance Portability and Accountability Act, or HIPAA, protects you by preventing the disclosure of your medical information without your knowledge and consent. There are two parts to HIPAA: the privacy rule and the security rule. Let’s look at a quick summary of what each of these covers:

• The privacy rule – This sets standards for using and disclosing your health information. It also ensures that you have access to your information and are clearly told how your information is used. The goal of the privacy rule is to make it possible for you to receive the best possible care while maintaining your right to privacy. It does allow for the sharing of the necessary information with or without your permission for treatment, payment, and care. However, only the information that is necessary can be disclosed.
• The security rule – This rule applies to the entities that have your protected health information. It states that the information must be kept secure at all times. Any form of breach must be disclosed to you.

How Do HIPAA Laws Apply to Specific Entities?

Now that you have a basic understanding of HIPAA works, let’s take a closer look at how the laws apply to specific entities.

You and Your Family

You have the right to request a copy of your medical records and, by law, your doctor must provide it to you within 30 days. The doctor’s office can charge a small fee for copying or mailing the records, but that’s all.

In some cases, you might choose to give a family member access to your medical records. How do you know if you’ve already done this? You would have asked to sign a release form allowing specific members of your family to also access your records. Otherwise, your doctor can’t share this information with them.

Sometimes, your doctor will ask if it’s acceptable to leave a message or speak with someone else in your household if you’re not available. You would sign an authorization form for this as well.

Your Doctors

Your doctor will see the health information you provide on the forms you fill out when you go to their office. They can also ask you questions about your health for the purpose of treating you. If you need to see a specialist or another provider, your doctor will have you sign an authorization allowing them to share your information with the other doctor as well.

Your Insurance Company

As we’ve discussed, your insurance company can request information about your health records for the purpose of payment authorization. If you deny them access to the records they need, they may decline authorization of payments to your providers and you’ll be stuck with the bill.

Medical Information Bureau

The MIB can request information about you and, with your authorization, store it for the use of insurance companies. Your doctor cannot send this information without your signed permission.

Prescription Databases

The rules regarding prescription databases and HIPAA put those seeking insurance in a tight place.

There are two large companies, Milliman and Ingenix, that buy prescription information data. They compile it into reports that they then sell to insurance companies. You do have to give authorization for your prescription information to be provided to these companies but, unfortunately, it’s very difficult to get health insurance if you don’t agree to share your information with them.

As you can guess, the information insurers receive can be used to make estimates and guesses about your health. For example, if you regularly take two medications to control two separate issues, the insurance company can determine that you’re likely to be a more costly person to insure. They will then charge you more for your premium than they would if you were not taking two prescription medications.

Balancing Privacy and Necessity

As you can see, there are many elements involved in HIPAA and the authorization of your medical records. Ultimately, HIPAA was created to keep you and your information safe.

Nonetheless, it gets tricky to balance your information security, your privacy, and what your insurance company needs to know to make payments to your providers.

Keep Your Information Safe

All of this may leave you wondering — how do you keep your information safe while still getting the healthcare and insurance you need?

Unfortunately, sharing some of your information is a necessary step in obtaining health insurance. However, you can mitigate the risk to you and the possibility of higher premiums by keeping an eye on your information.

Some of our top tips for doing so include:

• Obtaining copies of your medical records regularly
• Checking your records for errors and requesting changes if you find any mistakes
• Carefully reading any authorization forms related to the release of your medical information.

Find the Best Health Insurance for Your Needs

We know how tough it can be to find the right health insurance company. There are countless options out there and you need one that gives you a good rate, excellent coverage, and a sense of security that your information is safe.

We help you compare plans and rates with our free, easy-to-use tool. This enables you to make the best decision for your health and your family. Get started today with our free search tool and start saving on your healthcare.

Case Studies: Health Insurance Companies and Access to Medical Records

Case Study 1: John’s Eligibility Verification

John recently applied for health insurance coverage. As part of the application process, the insurance company requested some information to determine his eligibility. They accessed John’s medical records from the Medical Information Bureau (MIB), which contains limited information about medical conditions indicated by codes.

The insurance company used these codes to assess if further information was required before insuring John.

Case Study 2: Sarah’s Treatment Authorization

Sarah, a policyholder with health insurance, sought treatment from a healthcare provider. To authorize payment for the treatment covered by her insurance, her insurance company needed to know the details of the treatment.

Sarah’s healthcare provider shared the necessary information with the insurance company through billing communication.

Case Study 3: Mark’s Prescription Information

Mark was applying for health insurance and was required to provide authorization for his prescription information to be shared with Milliman and Ingenix, companies that compile and sell prescription data reports to insurance companies.

By giving consent, Mark allowed the insurance company to access his prescription information, which could potentially influence premium estimates based on his health condition.