District of Columbia Minor Medical Records Access Laws: A Guide for Parents and Teens
This guide explains how District of Columbia law treats minor consent, access to medical records, vaccination consent, parental access limits, record retention, confidentiality, and provider duties. It translates key rules from the District of Columbia Municipal Regulations, the D.C. Code, and HIPAA so you can confidently navigate care and records.
Minor Consent Rights and Eligibility
What services minors may consent to on their own
Under the District of Columbia Municipal Regulations (22-B DCMR § 600), a minor of any age may consent to health services they request for pregnancy (including lawful termination), treatment or prevention related to sexually transmitted diseases (STDs), help for a mental or emotional condition, and services for substance use, including alcohol or drug issues. These self-consent rights are in addition to emergency circumstances, where providers may treat to prevent serious harm without delaying for parental consent. ([dchealth.dc.gov](https://dchealth.dc.gov/sites/default/files/dc/sites/doh/publication/attachments/DCMR%2022%20B600_7.pdf))
Outpatient mental health care without a parent
D.C. law allows a provider to deliver outpatient mental health services and supports (other than medication) to a minor who voluntarily seeks care, when clinically indicated, for up to 90 days without parental consent. After 90 days, the provider must reassess, end care, or—if the youth agrees—notify the parent or guardian to continue. Special rules apply to inpatient treatment and psychotropic medications. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/7-1231.14.html))
“Informed Consent Standard” for certain older teens
Since March 23, 2024, a minor who is 16 or older and enrolled in Medicaid or the DC HealthCare Alliance may make medical appointments, consent to eligible primary care, dental, and vision services, and request their medical records without parental consent—if they meet the “informed consent standard,” meaning they can comprehend the need, nature, and significant risks of the service. Vaccinations, specialist care, emergency care, and surgery are excluded from these “eligible health services.” ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/laws/25-145))
Medical Records Access for Minors
Direct access for certain Medicaid and Alliance enrollees
Teens 16 and older who are enrolled in Medicaid or the DC HealthCare Alliance may directly request their medical records from a provider, without a parent’s permission, for the “eligible health services” noted above—so long as they satisfy the informed consent standard (definition in law). ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/laws/25-145))
Access to records for care a minor consented to
HIPAA generally treats a parent as a minor’s “personal representative,” but there are important exceptions. When a minor is permitted by law to consent to their own care (for example, STD services, pregnancy-related care, mental health counseling, or substance use services), the minor typically controls access to records for that episode unless other law requires disclosure. Providers may also limit parental access when disclosure could endanger the child. ([hhs.gov](https://www.hhs.gov/hipaa/for-professionals/faq/227/can-i-access-medical-record-if-i-have-power-of-attorney/index.html))
How to request records in practice
District law requires health care entities to furnish a “complete and current copy” of a patient’s medical record upon written request and permits a reasonable copying fee. As to retention, entities must keep adult records at least five years after last contact and minor records at least five years after the patient reaches age 18 (additional facility-specific rules may apply; see below). ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/3-1210.11))
Vaccination Consent for Minors
Who can consent without a parent
As of March 10, 2023, D.C. law permits specific minors to consent to Advisory Committee on Immunization Practices (ACIP)-recommended vaccines: emancipated minors; minors who are or were married; unaccompanied homeless minors; minors who are or have been pregnant; and minors separated from parents or guardians and not supported by them. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/laws/24-312))
When other minors may be vaccinated
For minors not in those categories, a vaccine provider may accept the minor’s consent only after making a reasonable attempt to reach a parent or guardian and receiving no objection. If a parent objects, a minor can seek a court order. Separately, the 2024 law allowing some 16- and 17-year-olds on Medicaid or the DC HealthCare Alliance to self-consent to certain care explicitly excludes vaccinations; those continue to be governed by the vaccination statute. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/laws/24-312))
Parental Access Limitations
HIPAA’s baseline and key exceptions
Under HIPAA, parents usually have access to their minor child’s records as personal representatives. Exceptions apply when a minor is permitted to consent to care, when care is ordered by a court, or when the parent agrees to a confidential provider–minor relationship. If state law is silent, providers may use professional judgment; they may deny parental access if treating the parent as a representative would endanger the child. ([hhs.gov](https://www.hhs.gov/hipaa/for-professionals/faq/227/can-i-access-medical-record-if-i-have-power-of-attorney/index.html))
D.C.-specific confidentiality for sensitive services
D.C. regulations restrict disclosure of a minor’s information related to STDs, pregnancy, substance use, and emotional illness without the minor’s consent, absent a specific legal requirement or a narrow health-protection need; additional provisions govern what may be shared with parents in particular circumstances. ([dcrules.elaws.us](https://dcrules.elaws.us/dcmr/22-b602))
Mental health records: who must authorize disclosure
Under the D.C. Mental Health Information Act, disclosures requiring authorization are controlled as follows: under age 14, a parent or guardian authorizes; ages 14–17, both the youth and the parent/guardian must jointly authorize; at 18+, the patient authorizes. These rules operate alongside HIPAA and other privacy laws. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/7-1202.05))
Substance use disorder confidentiality
Substance use disorder treatment records are also protected by federal confidentiality rules (42 C.F.R. Part 2). D.C. behavioral health regulations incorporate these protections and require providers to secure and limit access to such records. ([dcrules.elaws.us](https://dcrules.elaws.us/dcmr/22-a6321))
Ready to simplify HIPAA compliance?
Join thousands of organizations that trust Accountable to manage their compliance needs.
Medical Records Maintenance and Retention
General retention rules
District law requires health care entities to retain medical records for at least five years after the last contact for adults, and for at least five years after a minor reaches age 18. Entities must also furnish records upon proper written request and may charge only a reasonable fee set by rule. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/3-1210.11))
Hospitals and specialized facilities
Hospitals must keep records at least 10 years after discharge, and for minors, until three years after the age of majority. Other District regulations (for example, Title 29 public welfare and Title 22-A behavioral health standards) may impose additional, program-specific retention and privacy requirements. When policies differ, the stricter rule and longer retention period typically govern. ([dcrules.elaws.us](https://dcrules.elaws.us/dcmr/22-b2030))
Confidentiality and Legal Protections
District privacy statutes and court protections
The D.C. Mental Health Information Act strictly limits disclosure of mental health information, setting who may authorize release and when providers may limit even an authorized disclosure. Separately, D.C. courts note that judges generally may not issue subpoenas for medical records without a finding that the subject has consented, waived consent, or other statutory conditions are met. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/7-1202.06))
Electronic exchange and adolescent privacy
The District’s Health Information Exchange (DC HIE) framework sets core privacy, security, and access requirements for participating entities. In practice, providers implement “proxy access” settings in patient portals to reflect HIPAA and D.C. confidentiality rules—often segmenting or limiting parent visibility to protect adolescent-sensitive information while still facilitating scheduling and care coordination. ([dhcf.dc.gov](https://dhcf.dc.gov/page/dc-hie))
Healthcare Provider Responsibilities
Verify consent authority and capacity
Before treating without a parent, confirm whether the minor qualifies to self-consent under 22-B DCMR § 600 (e.g., pregnancy, STD, mental health, substance use), or under the vaccination statute; if the youth is 16–17 and enrolled in Medicaid or the DC HealthCare Alliance, ensure the service is “eligible” and the youth meets the informed consent standard. Document determinations in the clinical record. ([dchealth.dc.gov](https://dchealth.dc.gov/sites/default/files/dc/sites/doh/publication/attachments/DCMR%2022%20B600_7.pdf))
Protect confidentiality and manage proxy access
Apply HIPAA’s personal representative rules and D.C.-specific limits for sensitive services. Configure patient portal proxy access to reflect these constraints and use adolescent privacy settings or segmentation so confidential encounters remain protected while enabling appropriate parental involvement. Train staff on when minor-controlled information may not be released without the youth’s authorization. ([hhs.gov](https://www.hhs.gov/hipaa/for-professionals/faq/227/can-i-access-medical-record-if-i-have-power-of-attorney/index.html))
Maintain and release records appropriately
Keep records for the minimum statutory periods (including extended timelines for minors and hospitals), respond to lawful requests in a timely manner, and follow 42 C.F.R. Part 2 for substance use disorder records. Establish destruction and auditing procedures that comply with District and federal rules. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/3-1210.11))
Key takeaways
In D.C., minors can independently consent to several sensitive services; certain older teens on Medicaid or the DC HealthCare Alliance can also consent to specified primary care, dental, and vision services and request their records. Vaccination consent follows a separate statute. HIPAA is the baseline, but D.C. rules add stronger protections—especially for mental health and substance use—while record-retention timelines vary by setting.
FAQs
What age can minors in DC access their medical records without parental consent?
Ages 16–17 who are enrolled in Medicaid or the DC HealthCare Alliance may request their medical records for eligible services if they meet the informed consent standard. For other minors, access depends on whether they legally consented to that care (e.g., STD, pregnancy, mental health, or substance use), in which case they typically control those records under HIPAA and D.C. law. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/laws/25-145))
How long must minor medical records be retained in DC?
At a minimum, health care entities must retain records for five years after a minor reaches age 18. Hospitals must keep records longer—until three years after the age of majority (and at least 10 years from discharge). Providers may choose to retain longer for clinical, legal, or payer reasons. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/code/sections/3-1210.11))
Can parents access all types of their minor child's medical records?
Generally yes under HIPAA, but not when law lets the minor consent to care (such as STD services, pregnancy-related care, many outpatient mental health services, or substance use treatment). D.C. mental health law also requires joint youth–parent authorization for many disclosures when the youth is 14–17. ([hhs.gov](https://www.hhs.gov/hipaa/for-professionals/faq/227/can-i-access-medical-record-if-i-have-power-of-attorney/index.html))
What guidelines regulate minor vaccination consent in DC?
The Consent for Vaccinations of Minors Amendment Act of 2022 (effective March 10, 2023) lets specified minors (for example, emancipated, married, unaccompanied homeless, pregnant, or separated and unsupported) consent to ACIP-recommended vaccines. For others, a provider must make reasonable attempts to contact a parent and proceed only if there is no objection; if a parent objects, a court order is required. The 2024 law on 16–17-year-old Medicaid/Alliance enrollees does not cover vaccines. ([code.dccouncil.gov](https://code.dccouncil.gov/us/dc/council/laws/24-312))
Ready to simplify HIPAA compliance?
Join thousands of organizations that trust Accountable to manage their compliance needs.
