Quick answer: even though it's information ABOUT you, it's not your information per se--it belongs to who did the test. As I understand it, in most states clinics and hospitals are required to give you copies of your medical records if you request them. In some cases you can request that they not submit such information to insurers (like HIV tests for instance), otherwise by submitting to a test you are authorizing them to share it with insurers and other health facilities, and to legal entities if they get a court order.

I encourage people to get their medical records, check them for accuracy, etc. In my experience those who try to micromanage access to their medical records usually end up influencing their care for the worse.

I'm pretty lucky. The medical group my doctor belongs to has set up a state-of-the-art records management system that includes web access. I no longer have to pester the doctor for test results. Instead, I can see them and see all of the prior results from the comfort of wherever I am, and whenever I want to see it.

I guess that's what escapes me : how does it belong to those who did the test, but the person who it affects the most does not even get a copy, unless a doctor says so? Is the doc certifying that I am of sound enough mind to look at what my HDL/LDL is?

Actually, what's more mystifying is, how did this end up as a federal/state law on the basis of preserving my own privacy and security?

Btw, Jeff - thanks for the response. Despite the tone of my post conveying my frustration, it's not addressed to you or anybody else acting as the 'messenger' here. I just find the law itself wonky.

If you think it's a pain, you ought to work in IT for a group covered by HIPAA laws. I come to work every day knowing that if somehow, I've screwed up something and someone hacks my systems, I get to go to the "pokey."

Really, what HIPAA was intended to be and what it became are two different things. That's what happens when the government starts regulating stuff that should be common sense. My MIL worked on the original legislation, and even she agrees it has become a cluster....

Don't the privacy laws, have to do with WHO is the customer?

In the above cases, the Dr. would be as he is ordering the test so he can get the results he needs.

And no the law doesn't always use/have common sense. Just look at the language.

Look at what HIPAA stands for. It originally had nothing to do with privacy. You can blame patients ("consumers") who didn't want their lab tests being blabbed to aunt Jill if she dropped by the clinic. Good idea, but law of unintended consequences in full bloom.

The reason it belongs to the clinic or hospital--who has the machine and the reagents? You're just providing a little raw material for the machine. Not to be snarky, but by consenting to the test and giving them your blood you are giving them permission to use it for their own purposes, although they will share the results with you if you ask them (see above).

If you've ever gone to court, you can get a copy of the transcript, but it's not your testimony or decision, you can't keep it from being published or control what happens to the information, it belongs to the court. Same principle.