Skip to main content

Is it legal for her doctor's office put her medical records online without her permission?

Buffalo, NY |

My wife's doctor's office recently "web enabled" her on a patient portal website that apparently stores all of her medical information on it. They did so without her permission (written, verbal, or otherwise), and she was told that it is all ready for her if she chooses to use it. I have a feeling this holds true for all their patients.

I have a BIG problem with them not asking permission, or having us go through an account creation process where we agree to terms and conditions and privacy policies.

What if the wrong person gets emailed another person's credentials, what if someone hacks the system, etc. ?

Also, it is a publicly accessible website with low-grade security measures in place.

What can we do to get her "disabled?"

+ Read More

Attorney answers 5


There is no private right to sue under HIPAA.

Only 29% Contingency Fee! Phone: 215-510-6755


You could start with requesting the electronic file to be destroyed as it was uploaded without her permission. However, paperless systems are now very common. You are fighting a uphill battle and have my support. Good luck.

-Michael R. Juarez Law Office of Juarez and Schaeffer PO Box 16216 San Diego, CA 92105 (619) 804-4327 This posting is provided for “information purposes” only and should not be relied upon as "legal advice." Nothing transmitted from this posting constitutes the establishment of an attorney-client relationship. Applicability of the legal principles discussed here may differ substantially in individual situations or in different jurisdictions.

Michael Ryan Juarez

Michael Ryan Juarez


Make sure the request is in writing.


No private right to file a lawsuit under the HIPAA law.


The new age of electronic medical records I driving many providers to give patients the type of access you describe. There are typically numerous safeguards in place to protect this information to prevent exactly what you are concerned about. Although no method is totally foolproof you should contact the provider to find out what safeguards have been out into effect. This is not a situation where a simple email will allow access to the records so I think this will help curb some of your fears.


It is a government requirement that medical records be stored electronically.

J Charles Ferrari Eng & Nishimura 213.622.2255 The statement above is general in nature and does not constitute legal advice, as not all the facts are known. You should retain an attorney to review all the facts specific to your case in order to receive advise specific to your case. The statement above does not create an attorney/client relationship. Answers on Avvo can only be general ones, as specific answers would require knowledge of all the facts. As such, they may or may not apply to the question.

Can't find what you're looking for?

Post a free question on our public forum.

Ask a Question

- or -

Search for lawyers by reviews and ratings.

Find a Lawyer