Access to and Amendment of Health Records


Access to and Amendment of Health Records

This pub talks about how you can adjust your patient records. You can take someone with you when you go in to modify anything in the records. This pub also talks about certain things that cannot be changed in your patient records.

Disclaimer: This publication is legal information only and is not legal advice about your individual situation. It is current as of the date posted. We try to update our materials regularly. However, laws are regularly changing. If you want to make sure the law has not changed, contact DRC or another legal office.


A patient or former patient has the right to:

  • Review or copy their patient records, except as discussed below.
  • Request an amendment of their patient records.
  • File a complaint if they are denied access to their patient records.

Can I review copies of my patient records?

Yes. A patient has a right to review or obtain a copy of their records.1 In California, an adult patient, minor authorized to consent to their own medical treatment,2 or a patient’s personal representative has a right to review or obtain copies of their patient records.3

  1. A “patient” means a current or former patient.4
  2. A “personal representative” means a conservator, health care agent, or a minor patient’s parent or guardian.5
  3. “Patient records” means records created by a health care provider about a patient’s health history, diagnosis, condition, or treatment. They do not include information given in confidence to a health care provider by someone other than the patient or another health care provider.6

In addition, if a patient signs a release of information, patient records must be disclosed to the patient’s attorney.7

How do I obtain access to my patient records?

A patient or their personal representative must submit a request to inspect or receive copies of patient records.8 If the individual requests paper or electronic copies of the patient records, they must specify the records they want copied.9 The health care provider may require the patient to submit their request in writing.10

How long will it take for me to receive copies of my patient records?

A health care provider must allow an individual to review the records within 5 working days of receiving the request.11 If the individual requests copies of all or part of a file, a provider must send them copies within 15 days of receiving the request.12

Can a health care provider give me a summary of my patient records instead of or in addition to providing copies of my actual records?

Yes, but only if the patient agrees in advance to the summary of their records and to pay any fees for preparing the summary.13 The summary must contain information about each injury, illness, or episode that is in the record, including the following:

  1. A patient’s chief complaint(s), including relevant history;
  2. Findings from consultations and referrals to other health care providers;
  3. Diagnosis, if one was made;
  4. Treatment plan and regimen including medications prescribed;
  5. Progress of the treatment;
  6. Prognosis, including significant continuing problems or conditions;
  7. Relevant reports of diagnostic procedures and tests and all discharge summaries; and
  8. Findings from the patient’s most recent physical examination, such as blood pressure, weight, and the results of routine laboratory tests.

If a provider prepares a summary, they must make it available to the patient within 10 working days.14 Providers may give a patient notice that they need more time to prepare a summary, but must provide the summary within 30 days.15

The provider may also ask to meet with a patient to clarify the purpose of the request.16 If a patient is only interested in records about a specific injury, illness, or episode, the provider may give them a summary of only those records.17

How much does it cost to receive copies of my records?

A health care provider cannot charge more than 25 cents ($0.25) per page for paper copies, or 50 cents ($0.50) per page for copies from microfilm.18 A provider may also impose a “reasonable, cost-based fee” for providing a patient copies of their records.19 The fee can only include the costs of (A) labor for copying records, (B) supplies for creating copies, (C) postage, and (D) preparation of a summary of health records.20

In addition, a provider cannot charge a patient, their personal representative, or an employee from a nonprofit legal services organization that represents the patient, if they submit a written request for records to support a claim or appeal regarding:

  1. Eligibility for public benefits, including Medi-Cal; In-Home Supportive Services; CalWORKs; Social Security Disability Insurance (SSDI); Supplemental Security Income/State Supplementary Program for the Aged, Blind and Disabled (SSI/SSP); CalFresh; Cash Assistance for Aged, Blind, and Disabled Legal Immigrants; federal veterans service-connected compensation and nonservice connected pension disability; or a government-funded housing subsidy or tenant-based housing assistance program;
  2. A petition for U nonimmigrant status under the Victims of Tracking and Violence Protection Act; or
  3. A self-petition for lawful permanent residency under the Violence Against Women Act.21

If a patient requests records related to a claim listed above, a provider must provide copies of the records within 30 days of the written request.22 However, a provider does not need to provide records for free if a patient is represented by a private attorney (an attorney who does not work at a nonprofit legal services entity).23

Can I access my mental health records?

Yes, but there are some exceptions.

First, a patient does not have a right to access psychotherapy notes,24 which means notes taken by a mental health professional during an individual, group, joint, or family counseling session, and that are separated from the rest of a patient’s medical record.25

Second, if a health care provider believes that giving a patient access to their mental health records would present a substantial risk of significant detrimental consequences to the patient, the provider may decline to give them access to the records.26 If the provider denies the patient access to their mental health records, they must also:

  1. Include an explanation in the patient’s mental health records about why they refused to provide access to the records, including a description of the specific detrimental consequences they think will occur if they give the patient access;
  2. Permit the patient to choose a licensed physician, surgeon, psychologist, marriage and family therapist, clinical social worker, or clinical counselor to inspect or obtain a copy of their mental health records;
  3. Inform the patient that they are denying them access to their mental health records;
  4. Inform the patient that they have a right to require the provider to permit them to choose a health professional listed in b) to access their records; and
  5. Document in the patient’s mental health records whether the patient requested a health professional listed in b) to inspect or obtain a copy of their records.27

Can I access my child’s patient records?

Yes, but there are exceptions.

First, a parent or guardian does not have a right to inspect or obtain copies of a minor's patient records if the minor is legally authorized to consent to their own medical care.28 For example, if a minor is at least 12 years old and meets all the conditions required by law, they may consent to the following services:

  1. Outpatient mental health treatment or counseling;29
  2. Medical treatment related to a communicable disease;30
  3. Medical care related to the prevention of a sexually transmitted disease;31
  4. Medical care related to the treatment or collection of evidence with regard to alleged rape32 or sexual assault;33
  5. Medical care and counseling related to drugs or alcohol;34
  6. HIV testing.35

Second, a parent does not have a right to inspect or obtain copies of a minor's patient records if the provider determines such access would have a detrimental effect on (1) the provider's professional relationship with the minor or (2) the minor's physical safety or psychological well-being.36

Third, a parent does not have a right to inspect or obtain copies of a minor’s patient records if a psychotherapist knows that the minor was removed from the physical custody of their parent or guardian, unless a juvenile court orders otherwise.37

Are there other circumstances when a provider can deny me access to my records?

Yes. Pursuant to federal law (HIPAA), a licensed health care professional may deny an individual access to their health records under a few circumstances. Some of these denials are reviewable, but others are not.38

  1. Unreviewable.39 A provider can deny a person access to their records, without the opportunity for a review, if the records are:
    1. Psychotherapy notes;
    2. Compiled in anticipation of a civil, criminal, or administrative proceeding;
    3. Maintained by a correctional institution, or a health care provider under the direction of a correctional institution, and access to the records would jeopardize the health, safety, security, custody, or rehabilitation of the individual, other people who are incarcerated, or an employee of the correctional institution;
    4. Part of research conducted by a health care provider, as long as the individual agreed to denial of access when they consented to participate in the research;
    5. Protected by the Privacy Act (5 U.S.C. § 552a) (this Act applies to information collected by the federal government); or
    6. Obtained from someone other than a health care provider under a promise of confidentiality.
  2. Reviewable.40 A provider can deny a patient access to their records, but the patient has a right to have the denial reviewed, if:
    1. A health care professional has determined that access is likely to endanger the life or physical safety of the patient or another person;
    2. The record refers to another person (except for a health care provider) and a licensed health care provider has determined that access is likely to cause substantial harm to that other person; or
    3. The request for access is made by a patient’s personal representative and a licensed health care professional has determined that providing access to the personal representative is likely to cause substantial harm to the patient or to another person.

Reviews. If an individual requests a review of a denial of access to records, the health care provider must designate a health care professional who was not involved in the denial to review the denial decision. The designated health care professional must determine within a reasonable time if the denial was legally appropriate and must provide written notice to the requester of their determination.

Under California law, a health care professional may also deny access to:

  1. Copies of X-rays or tracings, electrocardiography, electroencephalography, or electromyography records if these records are transmitted to another health care provider within 15 days of the records request and the requester is informed of the name and address of the other health care provider;41
  2. Alcohol and drug abuse records, if disclosure is prohibited by the federal Drug Abuse Office and Treatment Act of 1972 or the federal Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehabilitation Act of 1970. All other alcohol and drug abuse records are subject to disclosure to a patient;42
  3. Records about communicable disease carriers if disclosure is prohibited by law.43

NOTE: Under California law, a health care provider cannot withhold a patient's records because of unpaid bills for services.44 If a health care provider willfully withholds records because of unpaid bills, they could be subject to sanctions.

What are my rights if a provider refuses to grant me access to my records?

Written Denial. If a provider denies access to patient records, the provider must provide a timely, written denial to the individual. The denial must be in plain language and contain:

  1. The basis for the denial;
  2. A statement about the individual’s right to request a review by a different health care professional and a description of how to request a review; and
  3. A description of how the individual can file a complaint with the provider or with the Secretary of the U.S. Department of Health and Human Services. The description must include the name or title and telephone number of the contact person to receive the complaint.45

HIPAA Complaint. A patient can file a complaint for violations of federal HIPAA privacy regulations through the U.S. Department of Health and Human Services Complaint Portal Assistant, which is available here:

If you have question about how to file a complaint, you may email the Office for Civil Rights (OCR) at or call, toll-free, 1-800-368-1019, TDD 1-800-537-7697. OCR provides alternative formats (such as Braille and large print), auxiliary aids and services (such as relay service), and language assistance.46

Complaints must be filed in writing within 180 days of the date a patient knew or should have known of the violation, unless the patient can demonstrate good cause for not filing within 180 days.47 The complaint must name the provider that is the subject of the complaint and describe the acts or omissions that violate HIPAA.48 A provider may not retaliate against a patient for exercising their rights under HIPAA.49

Additional information about HIPAA can be found at

State Complaints. A patient or a patient’s representative may sue a health care provider to enforce the health records laws in the California Health and Safety Code.50 A judge may award costs and attorneys’ fees to the prevailing party.

A patient may also sue for damages (money) if a provider went out of business and abandoned a patient’s records.51 Providers who go out of business must keep records for a minimum of 7 years and at least until an individual turns age 19.52

You have limited time to file a state complaint because of California’s statutes of limitations. Consult with an attorney immediately if you are considering filing a state complaint.

How do I amend my health records?

A patient has a right to request that a health care provider amend their health record as long as the record exists.53 The health care provider may require the patient to make the amendment request in writing and provide a reason for the amendment.54

Within 60 days of the request for an amendment, a provider must either:

  1. Grant the request;
  2. Deny the request and provide the individual with a written denial; or
  3. Provide a written statement to the individual extending the time to respond to the request by no more than 30 days, along with the reasons for the delay and the date that the provider will complete its action on the request.55

A provider may deny the request for an amendment if the provider determines that:

  1. The record is accurate and complete;
  2. The record was not created by the provider, unless the patient shows that the creator of the record is no longer available to act on an amendment request;
  3. The provider does not have the record; or
  4. The patient does not have a right to access the record.56

If the provider agrees to amend a patient’s record, the provider must:

  1. Append the amendment or provide a link to the location of the amendment;
  2. Inform the individual that the amendment was accepted;
  3. Obtain the individual’s agreement to have the provider notify people who need to know about the amendment; and
  4. Inform people who need to know about the amendment.57 Another provider that is informed about the amendment must also amend the patient records in their possession.58

If the provider denies an individual’s request for an amendment, the provider must provide the individual a timely, written denial, in plain language, that contains:

  1. The basis for the denial;
  2. The individual’s right to submit a written statement disagreeing with the denial, and how the individual may file the statement;
  3. Notification that even if the individual does not submit a statement disagreeing with the denial, they can request that the provider include the amendment request and denial in any future disclosure of the records; and
  4. A description of how the individual can file a complaint with the provider or with the Secretary of the U.S. Department of Health and Human Services.59

If a patient wishes to submit a written statement of disagreement, the provider may “reasonably limit the length” of the statement.60 The statement must then be included in future disclosures of the patient’s records.61 The provider may also prepare a rebuttal to the patient’s statement, but the provider must give the patient a copy of the rebuttal.62

A patient also has a right to provide a written addendum with respect to any item or statement in their records they believe is incomplete or incorrect. The addendum is limited to 250 words per alleged incomplete or incorrect item in the patient's record. The addendum must clearly indicate in writing that the patient wants the addendum to be made a part of their record. If the provider discloses the patient’s medical records, they must include the written addendum in the disclosure.63

  • 1. The California Patient Access to Health Records Act, Cal. Health & Safety Code § 123110(a); see also Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. § 164.524(a)(1).
  • 2. 45 C.F.R. § 164.502(g)(3)(i).
  • 3. Cal. Health & Safety Code § 123110(a); 45 C.F.R. § 164.502(g).
  • 4. Cal. Health & Safety Code § 123105(c).
  • 5. Cal. Health & Safety Code § 123105(d).
  • 6. Cal. Health & Safety Code § 123105(d); 45 C.F.R. § 164.524(a)(2)(v).
  • 7. Cal. Welf. & Inst. Code § 5328(a)(10).
  • 8. Cal. Health & Safety Code § 123110(a), (b)(1).
  • 9. Cal. Health & Safety Code § 123110(b)(1).
  • 10. 45 C.F.R. § 164.524(b).
  • 11. Cal. Health & Safety Code § 123110(a).
  • 12. Cal. Health & Safety Code § 123110(b).
  • 13. 45 C.F.R. § 164.524(c)(2)(iii); see also Cal. Health & Safety Code § 123130(a). [California law and federal law are slightly different. California law gives a health provider the choice to provide a summary of patient records instead of a copy of patient records, but federal law gives the patient the choice and requires advanced approval from the patient.]
  • 14. Cal. Health & Safety Code § 123130(a).
  • 15. Cal. Health & Safety Code § 123130(a).
  • 16. Cal. Health & Safety Code § 123130(b).
  • 17. Cal. Health & Safety Code § 123130(b).
  • 18. Cal. Health & Safety Code § 123110(j)(2).
  • 19. Cal. Health & Safety Code § 123110(j)(1).
  • 20. Cal. Health & Safety Code § 123110(j)(1).
  • 21. Cal. Health & Safety Code § 123110(d)(1).
  • 22. Cal. Health & Safety Code § 123110(e).
  • 23. Cal. Health & Safety Code § 123110(d)(3).
  • 24. 45 C.F.R. § 164.524(a)(i).
  • 25. 45 C.F.R. § 164.501.
  • 26. Cal. Health & Safety Code § 123115(b).
  • 27. Cal. Health & Safety Code § 123115(b)(1)-(b)(4).
  • 28. Cal. Health & Safety Code § 123115(a)(1), (a)(3); 45 C.F.R. § 164.502(g)(3)(i)(B).
  • 29. Cal. Fam. Code § 6924(b); Cal. Health & Safety Code § 124260(b)(1).
  • 30. Cal. Fam. Code § 6926(a).
  • 31. Cal. Fam. Code § 6926(b).
  • 32. Cal. Fam. Code § 6927.
  • 33. Cal. Fam. Code § 6928.
  • 34. Cal. Fam. Code § 6929(b).
  • 35. Cal. Health & Safety Code § 121020(a)(1).
  • 36. Cal. Health & Safety Code § 123115(a)(2).
  • 37. Cal. Health & Safety Code § 123116(a).
  • 38. 45 C.F.R. § 164.524(a).
  • 39. 45 C.F.R. § 164.524(a)(2).
  • 40. 45 C.F.R. § 164.524(a)(3).
  • 41. Cal. Health & Safety Code § 123110(c).
  • 42. Cal. Health & Safety Code § 123125(a).
  • 43. Cal. Health & Safety Code § 123125(b).
  • 44. Cal. Health & Safety Code § 123110(i).
  • 45. 45 C.F.R. § 164.524(d)(2).
  • 46. U.S. Dep’t of Health & Human Servs., Complaint Portal Assistant, (last accessed December 19, 2023).
  • 47. 45 C.F.R. §§ 160.306(b)(1), (3).
  • 48. 45 C.F.R. § 160.306(b)(2).
  • 49. 45 C.F.R. 164.530(g).
  • 50. Cal. Health & Safety Code § 123120.
  • 51. Cal. Health & Safety Code § 123145(b).
  • 52. Cal. Health & Safety Code § 123145(a)
  • 53. 45 C.F.R. §§ 164.526(a)(1).
  • 54. 45 C.F.R. § 164.526(b)(1).
  • 55. 45 C.F.R. § 164.526(b)(2).
  • 56. 45 C.F.R. § 164.526(a).
  • 57. 45 C.F.R. §§ 164.526(c)(1)-(3).
  • 58. 45 C.F.R. § 164.526(e).
  • 59. 45 C.F.R. § 164.526(d)(1).
  • 60. 45 C.F.R. § 164.526(d)(2).
  • 61. 45 C.F.R. § 164.526(d)(5).
  • 62. 45 C.F.R. § 164.526(d)(3).
  • 63. Cal. Health & Safety Code § 123111(b).