Skip to Content

MN. Statutes § 144.293 – Release or Disclosure of Health Records

Link to the law
This will open in a new window

Patient records cannot be released without:

  • a signed and dated consent from the patient or the patient's legally authorized representative authorizing the release;
  • specific authorization in law; or
  • a representation from a provider that holds a signed and dated consent from the patient authorizing the release.

A patient can request by writing that his records be given to another identified practitioner and is responsible for the reasonable costs of such transaction. The furnishing provider may retain a copy of the materials. Unless otherwise provided, a consent is valid for one year or for a period specified in the consent or for a different period provided by law.

This section does not prohibit the release of health records:

  • for a medical emergency when the provider is unable to obtain the patient's consent due to the patient's condition or the nature of the medical emergency;
  • to other providers within related health care entities when necessary for the current treatment of the patient; or
  • to a health care facility licensed by this chapter, chapter 144A, or to the same types of health care facilities licensed by this chapter and chapter 144A that are licensed in another state when a patient is returning to the health care facility and unable to provide consent; or who resides in the health care facility, has services provided by an outside resource under Code of Federal Regulations, title 42, section 483.75(h), and is unable to provide consent.

Notwithstanding other provisions of this section, if a patient explicitly gives informed consent to the release of health records, the consent does not expire after one year for:

  • the release of health records to a consulting provider;
  • the release of health records to an accident and health insurer, health service plan corporation, health maintenance organization, or third-party administrator for purposes of payment of claims, fraud investigation, or quality of care review and studies, provided that the use or release of the records complies with sections 72A.49 to 72A.505, release to unauthorized parties is prohibited, and adequate safeguards exist to prevent unauthorized disclosure, including a procedure for removal or destruction of information that identifies the patient.

Patient consent does not apply to the release of health records to the commissioner of health or the Health Data Institute under chapter 62J, so long as data is encrypted.

A provider or group purchaser may release patient record information to a record locator service without consent from the patient, unless the patient has elected out of the service. Providers are not required to participate in a record locator service as a condition of payment or participation. The Department of Health may not access the record locator service or receive data from the record locator service. Only a provider may have access to patient identifying information in a record locator service.

Unless there is a medical emergency, a provider participating in a health information exchange using a record locator service does not have access to patient record information unless the patient specifically consents to the access, but consent may be revoked at any time.

A health information exchange maintaining a record locator service must maintain an audit log of providers accessing information that at least contains information on the identity of the provider accessing the information, the identity of the patient whose information was accessed by the provider, and the date the information was accessed.

Patients must be able to opt out of including their records information in a record locator service via a conspicuous check-box option on a consent form. The provider is responsible for removing that information from the record locator service.

Unauthorized release of patient records must be documented in the patient's health record. In the case of a release under section 144.294, subdivision 2, the documentation must include the date and circumstances under which the release was made, the person or agency to whom the release was made, and the records that were released. Records released pursuant to patient consent must be documented by the provider identifying the provide requesting the health records, the identity of the patient, the health records requested, and the date the health records were requested.

Consent to requesting records warrants that the consent contains no information known to the person to be false, and accurately states the patient's desire to have health records disclosed or that there is specific authorization in law.

When requesting health records using consent, or a representation of holding a consent, a provider warrants that the request contains no information known to the provider to be false, accurately states the patient's desire to have health records disclosed or that there is specific authorization in law, and does not exceed any limits imposed by the patient in the consent.

When disclosing health records, a person releasing health records warrants that the person has complied with the requirements of this section regarding disclosure of health records, knows of no information related to the request that is false, and has complied with the limits set by the patient in the consent.


Current as of June 2015