HIPAA and DOT Physicals: What’s Shared, What Stays Private, and Your Rights


Kevin Henry

HIPAA

May 06, 2025


HIPAA Privacy Rule Overview

During a DOT physical, your medical details are Protected Health Information (PHI). Under the HIPAA Privacy Rule, clinics and certified medical examiners are covered entities or business associates, and they must apply confidentiality safeguards and the minimum-necessary standard to any PHI they use or disclose.

HIPAA allows PHI disclosures for specific purposes without your Patient Authorization when required by law. In the DOT context, that primarily means limited reporting to meet FMCSA compliance obligations and issuing the Medical Examiner’s Certificate that verifies you are medically qualified to drive. These PHI disclosure restrictions prevent broad sharing of diagnoses or test results with your employer.

In practice, the medical examiner shares only what is necessary for regulatory compliance and public safety. Detailed findings remain in your medical record, while your certification status and any driving restrictions are what move forward to support compliance steps.

  • Permitted without authorization: mandated reports to the National Registry and the issuance of your certification card for FMCSA compliance.
  • Requires authorization: release of the long-form medical report or other detailed PHI to an employer or third party.
  • Always required: confidentiality safeguards and adherence to PHI disclosure restrictions.

DOT Physical Examination Requirements

A DOT physical evaluates whether you meet the federal medical standards to operate a commercial motor vehicle safely. It is not a general wellness exam; it focuses on conditions that could impair safe driving and is performed by a professional with Medical Examiner Certification listed on FMCSA’s National Registry.

You complete a health history, then undergo a targeted exam that typically reviews vital signs, vision, hearing, and cardiovascular and neurological status, and includes a urinalysis (not a drug test). The examiner determines whether you are qualified, may be qualified with restrictions, or are temporarily disqualified pending additional information or treatment.

Most qualified drivers receive a certificate valid for up to 24 months. Some conditions result in shorter certification intervals to ensure continued monitoring and safety.

Understanding Medical Examination Report MCSA-5875

The Medical Examination Report (MER), Form MCSA-5875—often called the “long form”—documents your history, examination findings, test results, clinical reasoning, and the qualification decision. It is the comprehensive record of the visit and forms the basis for your fitness determination.

This long form contains detailed PHI. It is maintained by the medical examiner and, in many cases, by the clinic’s health record system. Employers do not automatically receive it. Release to an employer or other party usually requires your Patient Authorization unless a specific legal requirement applies.

  • What it includes: history, exam findings, medications, relevant test results, and the rationale for the determination.
  • Who gets it: you may request a copy; otherwise it stays with the examiner under confidentiality safeguards.
  • Why it matters: it supports the decision on medical qualification and any restrictions that appear on your certificate.

Medical Examiner's Certificate MCSA-5876 Explained

The Medical Examiner’s Certificate (MEC), Form MCSA-5876, is the document you carry and provide for compliance purposes. It confirms whether you are qualified, lists the expiration date, and notes any restrictions (for example, corrective lenses or use of a hearing aid) or required variances.

Unlike the long form, the MEC contains only limited, need-to-know information. It does not include diagnoses or detailed exam data. Its purpose is to support FMCSA compliance steps with your employer and state licensing processes without exposing your full medical history.

  • What’s on it: certification status, validity period, and any driving-related restrictions or variances.
  • What’s not on it: detailed PHI, test values, or clinical notes from the long form.
  • How it’s used: to verify medical qualification for your Driver Qualification File and related compliance checks.

Employer Access to Medical Records

Employers generally receive the MEC to verify your medical qualification. For the Driver Qualification File, motor carriers maintain proof of your current medical certification status. The detailed MER (MCSA-5875) is not part of routine employer records and usually requires your Patient Authorization for release.

If an employer requests your long form or other detailed PHI, you may decline unless a law or regulation requires disclosure. When you do authorize a release, you can specify exactly what may be shared and for what purpose. Even when information is shared, employers should apply confidentiality safeguards and limit access to personnel with a compliance need to know.

  • Routinely shared: MEC details necessary for compliance and safety.
  • Shared only with authorization: MER long form, lab values, diagnoses, or treatment notes.
  • Best practice: keep medical documents secured and separate from general personnel files.

Reporting Obligations for Medical Examiners

Certified medical examiners must follow FMCSA rules that include maintaining the MER and related documentation for a defined retention period and reporting exam results through the National Registry as required. These obligations are fundamental to FMCSA compliance and quality oversight of the program.

Reporting is limited in scope and does not transmit your full medical chart. Examiners apply the minimum-necessary standard, share only what regulations require, and safeguard PHI at rest and in transit.

  • Maintain records: retain the MER and supporting documents for regulatory review.
  • Report results: submit required data to the National Registry within designated timeframes.
  • Protect privacy: disclose only what regulations require and secure PHI against unauthorized access.

Individual Rights to Medical Record Access

Under HIPAA, you have the right to access and obtain copies of your DOT physical records, including both the MEC and the MER. You may request electronic or paper copies and ask that information be sent to a designated recipient. Reasonable cost-based copy fees may apply.

You can also request corrections to your record, ask for restrictions on certain disclosures, and seek an accounting of non-routine disclosures. While providers must consider restriction requests, they may decline when a disclosure is required for FMCSA compliance or by law.

  • Access: obtain your MEC and MER to keep for your own records.
  • Amend: request corrections if something is inaccurate or incomplete.
  • Restrict: ask to limit disclosures; required legal disclosures may still occur.
  • Revoke: you can revoke a prior authorization in writing for future disclosures.

Bottom line: your detailed PHI stays with the examiner, your certification status moves forward for compliance, and you control additional disclosures through authorization and your HIPAA rights.

FAQs

What medical information is protected under HIPAA during DOT physicals?

Your health history, examination findings, test results, diagnoses, medications, and the complete MER (MCSA-5875) are Protected Health Information. HIPAA’s PHI disclosure restrictions require confidentiality safeguards and limit sharing to what is necessary for FMCSA compliance, such as issuing the MEC (MCSA-5876), rather than your detailed medical data.

Can employers access my detailed DOT physical medical records without my permission?

Generally no. Employers typically receive only the Medical Examiner’s Certificate to verify your qualification for the Driver Qualification File. The long form (MCSA-5875) and other detailed PHI require your Patient Authorization unless a specific law mandates disclosure.

How often are DOT physicals required for commercial drivers?

Most drivers are certified for up to 24 months. Some conditions may lead to shorter certification periods to ensure monitoring and safety. Your medical examiner will set the interval based on federal standards and your individual health status.

What are my rights to access and restrict disclosure of my medical records from DOT physicals?

You may obtain copies of your MEC and MER, request amendments, and ask for restrictions on non-required disclosures. You can also revoke prior authorizations in writing. Disclosures required by law or for FMCSA compliance may proceed even if you request a restriction, but otherwise your authorization controls further sharing.
