Skip to main content

Oregon State Flag An official website of the State of Oregon »

Oregon.gov Homepage

The Oregon Health Plan and Patient Access to Health Care Records

You have the right to ask for copies of your health care records.

You have this right because of a law called the Health Insurance Portability and Accountability Act of 1996 or HIPAA.

  • This can help you make better decisions about your health and do more to be healthy.
  • You can ask your health care provider or health plan for your records at any time.

You also have the right to make sure the information in your records is correct and know who has seen it. You can learn more about these rights on the U.S. Department of Health & Human Services website.

Getting your health information is getting easier.

You may also be able to get records from your coordinated care organization (CCO) or dental plan through an app on your phone, computer or other device. These records may include information about:

  • Health care services and their costs
  • Clinical data, such as lab results
  • Medications
  • Providers you have seen: Their name, specialty and contact information

Contact your CCO or dental plan to find out what kind of information they can share, and when they will be able to share it.

For members not enrolled in a CCO or dental plan, the Oregon Health Authority (OHA) plans to be able share information by mid-2023.

What to do before downloading a health app

It is important for you to protect your health information. Health information is very sensitive. If you are thinking about using an app to view your health information, be careful. Choose an app that will keep your information private and secure. To do this, take these steps:

​Look for an easy-to-read privacy policy that clearly states how the app will use your data. If an app does not have a privacy policy, do not use it!​

​If the app's privacy policy does not clearly answer these questions, or you don't feel comfortable with the answers given, think about finding another app to use.

  • What health data will this app collect?
  • Will this app collect non-health data from my device, such as my location?
  • How will this app store my data? Will it also use my personal information such as name and date of birth? Will my data be anonymous?
  • How will this app use my data?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, who will get my data, and why?
  • Can I limit how this app uses and shares my data? If so, how?
  • How will this app protect my data and keep it secure?
  • If I use this app for my health data, would it affect others, such as my family members?
  • Can I view and correct data collected this app? If so, how?
  • Can I send complaints about the app? If so, how? Does the app developer respond to complaints?
  • If I want the app to stop accessing my data, can I stop it? If so, how?
  • If I stop access, will the app delete my data?
  • If I want to delete the app, how do I make sure my data is also deleted?
  • Does the app notify users about changes to the app? If so, do the notices include changes that could affect the app's privacy or security?​

How to make a complaint about shared health information

If your health information was shared without your permission, you have the right to make a complaint. But first, ask these questions.

​The U.S. Department of Health & Human Services website lists who is and isn't required to protect your health information.

  • Who is required? Health care providers, health plans, and other businesses who support health care treatment, payment and operations for providers and plans.
  • Who is not required? Businesses that do not manage health care, such as employers, life insurers, schools, law enforcement agencies, and state/local government agencies that do not provide health care services or coverage. ​Most third-party apps will not be covered by HIPAA. ​

​OHA and health plans each have their own Notice of Privacy Practices that explains how they will use your health information.

If you don't agree with how your information was shared, you can file a complaint with the federal Office of Civil Rights:

If you feel your health care information was shared in error, file a health information protection complaint with OCR. 

​Most third-party apps will not be covered by HIPAA. Instead, the FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, even though the app's privacy policy says it will not do this).

The Federal Trade Commission (FTC) investigates online security violations, fraud, and bad business practices.

Questions?

​If you and other members of your household are in the same CCO or dental plan (plan), the plan may share health information only for individual members or for all household members (e.g., a group account).

  • Ask your CCO or dental plan how they will share your household's health information.
  • If you do not want your health information shared as a group, you need to ask your plan how to make this change.

OHA and plans each have their own Notice of Privacy Practices that explains how they will use and share your health information.

​If you want to correct information in the health records you view on your app, or have concerns that an app you no longer use still has access to your data:






Print-friendly PDF

English | English Large Print | Spanish | Spanish Large Print | Russian | Vietnamese | Traditional Chinese |  Simplified Chinese | Arabic | Somali (coming soon)

Phone and Internet Resources

Do you need help paying for a phone or internet access? The Oregon Lifeline Program provides qualified residents discounts on monthly phone or broadband (internet) fees.

Member Resources

Frequently asked questions

Member rights

OHP contacts

Words to know