US FederalCan my doctor share my medical records without my consent?
Generally, no—your doctor cannot share your medical records without your consent, except in specific situations allowed by federal law like treatment, payment, or healthcare operations.
What the Law Says
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, codified at 42 U.S.C. § 1320d, sets federal standards for protecting individuals’ medical records and other protected health information (PHI). It restricts how covered entities—including doctors—may use and disclose PHI.
Under HIPAA, a covered healthcare provider generally may not disclose your protected health information (PHI) to third parties without your written authorization—unless the disclosure falls within an explicit exception.
Permitted exceptions include disclosures for treatment, payment, and healthcare operations (TPO), as well as for public health activities, judicial proceedings (with safeguards), and emergencies. Even then, disclosures must be limited to the minimum necessary information.
The law also gives you rights to access your records, request corrections, and receive an accounting of certain disclosures—though disclosures for TPO are excluded from that accounting.
Statutory TextThe term 'health information' means any information, whether oral or recorded in any form or medium, that—(A) is created or received by a health care provider... and (B) relates to the past, present, or future physical or mental health or condition of an individual...
— 42 U.S.C. § 1320d — Definitions
Sources
Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.