Minnesota Health Privacy Rights
Understanding your health data privacy rights as a Minnesota resident, including state-specific laws and HIPAA protections.
Enhanced
Privacy Protection Level
HIPAA +
State Laws
7M+
Covered Entities
Your Privacy Rights in Minnesota
Enhanced ProtectionPre-HIPAA Consent Requirement (Minnesota Health Records Act): Minnesota historically had one of the strictest laws – it required patient consent for virtually all disclosures of health records, including for treatment purposes to outside entities, unless a specific exception applied. This meant that, beyond internal use, providers needed a signed consent to share your info with any third party (another doctor, insurance, etc.), except in emergencies or as required by law. In practice, Minnesota providers obtain a "general consent" on intake to cover treatment disclosures. This law (Minn. Stat. §§ 144.291–144.298) gave patients a theoretical right to refuse such consent, effectively keeping their records very private, but it could impede care. (Update: In 2023, Minnesota amended this law to align more with HIPAA for treatment, payment, operations, making it easier to share for care; still, for non-TPO disclosures, consent is needed.) Thus, Minnesota patients had (and to an extent still have) more say in who sees their data outside the treating entity.
Access: Minnesota requires providers to "promptly furnish" records. State law interpreted "promptly" as generally within 30 days, matching HIPAA, but expected sooner if possible. Minnesota also forbids charging patients fees for copies if the request is to review current medical care (ensuring cost isn't a barrier to recent info).
Mental Health: Minnesota's consent requirement extended to mental health records, with some exceptions for care coordination under the latest amendments.
Minor Privacy: Minnesota's minor consent laws give minors rights to confidential care (for example, minors can consent to STD treatment at 17 and those records won't be shared without minor consent).
Overall: Minnesota's law was an example often cited as "more stringent than HIPAA," giving patients greater theoretical control over disclosures. After amendments, it's closer to HIPAA for routine care, but still one of the stronger patient consent states historically.
Access: Minnesota requires providers to "promptly furnish" records. State law interpreted "promptly" as generally within 30 days, matching HIPAA, but expected sooner if possible. Minnesota also forbids charging patients fees for copies if the request is to review current medical care (ensuring cost isn't a barrier to recent info).
Mental Health: Minnesota's consent requirement extended to mental health records, with some exceptions for care coordination under the latest amendments.
Minor Privacy: Minnesota's minor consent laws give minors rights to confidential care (for example, minors can consent to STD treatment at 17 and those records won't be shared without minor consent).
Overall: Minnesota's law was an example often cited as "more stringent than HIPAA," giving patients greater theoretical control over disclosures. After amendments, it's closer to HIPAA for routine care, but still one of the stronger patient consent states historically.
Protect Your Minnesota Health Data
HealthConsent automates privacy protections for Minnesota residents across all applicable state and federal laws.
Start Protection Now Learn More About Your RightsRelated Resources
Your HIPAA Rights
Federal privacy protections that apply in all states
How to Exercise Your Rights
Step-by-step guide to protecting your privacy
All State Laws
Compare privacy rights across all 50 states
Privacy Threats
Understand the risks to your health data
Quick Navigation
Let HealthConsent® Secure Your Minnesota Privacy Rights
Minnesota's health data privacy framework combines federal HIPAA protections with applicable state laws. HealthConsent® helps you exercise these rights and ensures your medical information stays under your control.
Start Protecting Your DataTake control of your health data with state-specific privacy enforcement