Patients have a right to expect a certain amount of privacy for their medical records and health information.
The federal Health Insurance Portability and Accountability Act (HIPAA) sets a national standard for the protection of personal health information. HIPAA both defines patients’ rights over their information and sets rules and limits on who is allowed to see and/or receive such information.
The HIPAA Security Rule further protects privacy by setting national standards for the security of electronic protected health information.
Individual states also have laws that protect residents’ privacy interests in their medical information. Such laws may be more lax than HIPAA or more stringent.
From the Office for Civil Rights at http://www.dhhs.gov/ocr/privacy/index.html