Skip to Content

Privacy and Confidentiality in Minnesota

        Minnesota law takes several steps to protect the confidentiality of patient health information.  Patients in health care facilities have a right to have their medical records remain confidential.1  Like most other states, Minnesota requires a patient’s written, signed consent before a health care provider can release the patient’s health records.  Patient consent is also required before a provider may transfer a patient’s medical record to another provider.  The law validates patient consent for up to one year, with certain exceptions for treatment, payment and other purposes.2  Minnesota also has specific laws governing the permissible disclosure of a patient’s mental health information to family members and law enforcement.3  Consent is also needed before an insurance company or health maintenance organization is permitted to disclose individually identifiable information, unless the disclosure is to a health care provider for insurance verification purposes or to detect fraud or criminal activity.4  Minnesota law also requires health care providers and health plans to collect and report certain information to the Commissioner of Health.  While the law does not require patient consent to disclose the information to the Commissioner, it does require that the information remain confidential.5

            Individual level data collected for public health purposes and disease surveillance must remain private under Minnesota law.6  Similarly, test results for blood borne pathogens must not be disclosed without the patient’s written consent.7   The law is so protective of the confidentiality of these test results that it makes it a misdemeanor for any health care facility or individual to willfully violate the disclosure, consent or other laws pertaining to the blood borne pathogen testing, reporting or recording.8

            Minnesota also has certain laws put in place to ensure the privacy and confidentiality of health information used for research purposes.  Information collected by the Commissioner of Health for research studies must remain confidential and only be used for research purposes.9  The Commissioner must ensure that any such data does not identify the patient and is aggregated data.10  Health care providers must obtain patient authorization before releasing medical records created after Jan. 1, 1997 to researchers.  The researcher also has an obligation to ensure that individually identifiable information is not released without the patient’s consent.11  Health insurers, however, do not need patient authorization before disclosing personal information for research purposes, as long as the information is de-identified.12

 

 

Footnotes

  • 1. M.S.A. §144.651; MN ADC 4658.0435
  • 2. M.S.A. §144.293
  • 3. M.S.A. §144.294
  • 4. M.S.A. §72A.502
  • 5. M.S.A. §62J.321
  • 6. M.S.A. §144.4186; M.S.A. §144.69
  • 7. M.S.A. §144.7411
  • 8. M.S.A. §144.7415
  • 9. M.S.A. §144.053
  • 10. M.S.A. §144.6581
  • 11. M.S.A. §144.295
  • 12. M.S.A. §72A.502

 

Privacy and Confidentiality in Minnesota

Subtopic Statute/Regulation Description
Privacy and Confidentiality M.S.A. §144.053 Research Studies Confidential All information collected or retained by the Commissioner of Health as a result of a study to reduce morbidity and...
M.S.A. §144.293 Release or Disclosure of Health Records A provider may not release a patient’s health records to another person without a signed, dated consent...
M.S.A. §144.294 Records Relating to Mental Health If a spouse, child or other individual submits a written request to receive information regarding a patient who is...
M.S.A. §144.295 Disclosure of Health Records for External Research Methods of Release: ealth records may be released to an external researcher for medical or...
M.S.A. §144.298 Penalties Violations of laws regarding patient access to his or her own medical records may subject the provider to disciplinary actions by the...
M.S.A. §144.4186 Data Privacy Data collected under health threat reporting is protected nonpublic data if it does not concern individuals, and is private information...
M.S.A. §144.651 Health Care Bill of Rights The purpose of the Health Care Bill of Rights is to promote the interests and well being of patients.  A health care...
M.S.A. §144.6581 Determination of whether data identifies individuals The Commissioner of Health may withhold access to health or epidemiological data that identifies...
M.S.A. §144.69 Classification of data on individuals Data collected as part of the cancer surveillance system, such as names and personal identifiers, is private...
M.S.A. §144.7411 Test Information Confidentiality Information about blood borne pathogen test results cannot be disclosed without the patient’s consent. ...
M.S.A. §144.7415 Penalties and Immunity Any health care facility or individual who willfully violates the disclosure, consent or other laws pertaining to the blood...
M.S.A. §145.64 Confidentiality of records of review organization Data and information obtained by a peer review organization must remain confidential.  The...
M.S.A. §60A.952 Disclosure of Information If an authorized person informs the insurance company that he or she believes that fraud has taken place, the insurer must...
M.S.A. §62D.145 Disclosure of Information Held by Health Maintenance Organizations A health maintenance organization or insurance plan is prohibited from disclosing...
M.S.A. §62J.321 Data Collection and Processing Procedures The Commissioner of Health can require health plans and health care providers to collect data and provide...
Minn. Stat. § 254A.09 Confidentiality of records All substance abuse treatment records are confidential and privileged to the patient and may only be disclosed according...
MN ADC 4658.0435 Confidentiality of Clinical Records and Information Information in patient clinical records in nursing facilities must be kept confidential. ...