Skip to Main Content

Confidentiality of Medical Records

Provider Type

  • Physicians (does not apply to Cal MediConnect)
  • Participating Physician Groups (PPG) 
    (does not apply to HSP)
  • Hospitals
  • Ancillary

Counties Covered

  • Fresno
  • Kern  
  • Kings
  • Los Angeles
  • Madera
  • Riverside
  • Sacramento
  • San Bernardino
  • San Diego 
  • San Joaquin
  • Stanislaus
  • Tulare

Members are entitled to confidential treatment of member communications and records. Case discussion, consultation, examination, claims and treatment are confidential and must be conducted discreetly. A provider shall permit a patient to request, and shall accommodate requests for, confidential communication in the form and format requested by the patient, if it is readily producible in the requested form and format, or at alternative locations. The confidential communication request shall apply to all communications that disclose medical information or provider name and address related to receipt of medical services by the individual requesting the confidential communication. Written authorization from the member or authorized legal representative must be obtained before medical records are released to anyone not directly concerned with the member's care, except as permitted or as necessary for administration by the health plan.

Health Net requires participating providers to have a written policy in place that provides for the protection of confidential protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). The policy must be kept in hard copy or electronic format and must include a functioning mechanism designed to safeguard records and information against loss, destruction, tampering, unauthorized access or use, and verbal discussions about member information to maintain confidentiality.

Provider agrees that all health information, including that related to patient conditions, medical utilization and pharmacy utilization, available through the portal or any other means, will be used exclusively for patient care and other related purposes as permitted by the HIPAA Privacy Rule.

PHI is considered confidential and encompasses any individual health information, including demographic information collected from a member, which is created or received by Health Net and relates to the past, present or future physical, mental health or condition of a member; the provision of health care to a member; or the past, present or future payment for the provision of health care to a member; and that identifies the member or there is a reasonable basis to believe the information may be used to identify the member. Particular care must be taken, as confidential PHI may be disclosed intentionally or unintentionally through many means, such as conversation, computer screen data, faxes, or forms. Disclosure of PHI must have prior, written member authorization.

Last Updated: 06/30/2022