Patient data privacy and access resources


The AMA seeks to ensure that as health information is shared—particularly outside of the health care system—patients have meaningful controls over and a clear understanding of how their data is being used and with whom it is being shared. Above all, patients must feel confident that their health information will remain private.

Privacy by design for developers

AMA releases new guidance for health app developers on equitable data governance and collection.

Find best practices for efficiently providing patients with electronic access to medical records in one authoritative resource with the AMA's Patient Records Electronic Access Playbook.

The playbook covers elements, including requirements under HIPAA, to help practices provide patients with their own health information. Find legal requirements, real-world scenarios, the world of apps, key points to remember, and a patient records request flowchart.

Patients have a right to determine how and what parts of their health information are shared. Further, any individual or company seeking to access a patient’s most confidential medical information must comply with federal and state law and develop or have an established trusted relationship with the patient.

Stay informed and up-to-date about the ways the AMA protects patient information and patient privacy.

Information-blocking practices, which impede the secure exchange and use of electronic health information by practices, patients and doctors, can stand in the way of providing quality care. AMA provides online resources for physicians on the information blocking rule that take a deeper dive into integrating data sharing into medical practices and making medical records more easily available to patients.

Patients have the right to access their medical information. Access also improves the overall efficiency of the medical care team. Explore news, information, solutions and statements on EHR interoperability, EHR usability and AMA patient privacy resources.

In the digital age, personal health information is not always truly private. Social media platforms, wearable fitness trackers and apps collect health data that can be shared for advertising purposes and, when combined with medical records, allow for profiling and discrimination. AMA has adopted policies designed to help integrate mobile health applications and devices (also known as mHealth) into clinical practice.

As practices and health care organizations become increasingly digitized, physicians must be aware of HIPAA’s Privacy, Security and Breach Notification requirements, which protect the confidentiality of their patients’ medical information.

Protecting information gathered in association with the care of the patient is a core value in health care. 

The AMA Code of Medical Ethics provides guidance to help physicians strike the balance with patients' rights and privacy.

How to ethically utilize AI

When used ethically, augmented intelligence (AI) has the power to serve as a transformative and powerful tool for physicians.


AMA actively engages the administration, Congress and industry stakeholders in discussions on the future direction of regulatory guardrails that are needed to restore public confidence in data privacy protections. 

The AMA has provided several recommendations to strengthen medical data privacy and improve federal health information technology policy. Recent letters to the federal government include: