Ultrasound Records Privacy: Who Can Access, Your Rights, and How They’re Protected

Patient Access to Ultrasound Records

Your ultrasound report and, in most cases, the images themselves are part of your designated medical record. Under the Health Insurance Portability and Accountability Act (HIPAA), you have the right to inspect or obtain copies of these records within a set timeframe, typically 30 days.

Access extends to your personal representative, such as a legal guardian or someone with a valid healthcare power of attorney. For minors, access often rests with parents or guardians, but State Medical Record Laws may give minors control over records related to specific services (for example, reproductive health), so local rules can narrow or expand parental access.

Clinicians, imaging centers, and health plans may use and disclose your records without additional permission for treatment, payment, and healthcare operations. Other disclosures—like to employers, schools, or marketers—require your written authorization unless a specific legal allowance applies.

When records include information about another person, or sensitive details protected by stronger state statutes, your provider may redact portions before release rather than deny your request entirely.

Requesting Ultrasound Records

You can request your ultrasound records directly from the imaging center, hospital, or your clinician’s office. Ask for both the final radiology report and the images, specifying your preferred format (for example, electronic portal download, encrypted email, or DICOM files on a CD/USB).

Submit a written request or use the provider’s form. Expect identity verification, which can include a government-issued ID or in-portal authentication. If you are acting for someone else, include documentation proving your authority as a personal representative.

You may direct the provider to send an electronic copy to a third party, such as another clinician, by stating the recipient and delivery method in writing. For time-sensitive needs—like an upcoming appointment—note your deadline so staff can prioritize fulfillment where feasible.

Many organizations offer patient portals that let you view and download reports at no cost. If images are large, the facility may provide secure transfer links or physical media to ensure reliable delivery.

Fees and Costs Associated

Providers may charge a reasonable, cost-based fee for copies. Permissible charges generally include labor for making the copy, the cost of supplies (for example, a CD/USB), and postage if mailed. Per-page fees are not appropriate for electronic copies, and many portals provide free access to view or download your report.

Facilities sometimes offer flat rates for imaging media due to the size and handling needs of DICOM files. If you ask for a prepared summary rather than the full record, a separate fee may apply, but only with your prior agreement.

State Medical Record Laws can set additional limits or caps. If a quoted fee seems high, ask the records department to itemize costs so you pay only what HIPAA allows.

Conditions for Denial of Access

Most requests must be honored, but HIPAA permits limited denials. Common grounds include a licensed professional’s belief that access would likely endanger life or physical safety, information compiled in anticipation of litigation, or records that would reveal confidential sources.

Ultrasound images are not “psychotherapy notes,” so the Psychotherapy Notes Exception does not apply to them. If only a portion of your record triggers a valid exception, the provider should release the rest and redact the sensitive parts.

If access is denied for safety reasons, you can seek a review by a different licensed professional not involved in the original decision. Some organizations route appeals through a Medical Record Access Review Committee to ensure fair, consistent outcomes.

People in correctional facilities, research participants who agreed to temporary access suspension, or individuals requesting records subject to other specific legal restrictions may face tailored limitations. Even then, providers should explain the reason and how you can appeal or obtain alternative access.

Legal Protections and State Laws

HIPAA sets a national privacy baseline for Ultrasound Records Privacy. It requires safeguards, limits unnecessary disclosures, and gives you rights to access and request corrections. The Breach Notification Rule compels covered entities to notify you if unsecured protected health information is improperly accessed.

State Medical Record Laws can be more protective than HIPAA. States often add extra consent requirements for sensitive services, strengthen rights for minors in defined circumstances, or impose shorter response deadlines. When state law is stricter, providers must follow it.

Federal interoperability and information-sharing rules further encourage timely, electronic access to your health information while preserving privacy. Across all layers of law, providers and their contractors carry ongoing Confidentiality Obligations to protect your data.

Record Retention Policies

Record Retention Requirements vary by state and facility policy. Many providers keep adult imaging records for at least 5–7 years; records for minors are commonly retained until a set period after the age of majority. Some specialties maintain images longer to support continuity of care.

Retention policies typically distinguish between reports and source images, but both are preserved for clinically appropriate periods. When the retention window closes, records are destroyed securely to prevent unauthorized access. You can request copies at any point during the retention period.

If you anticipate needing your ultrasound for future care, ask whether the provider can retain it longer or supply you with a personal copy in a durable format like DICOM plus a viewer.

Privacy Safeguards and Compliance

Providers must implement Patient Information Safeguards across administrative, technical, and physical layers. These include policies and training, access controls with role-based permissions, audit logs, encryption in transit and at rest, and secure disposal of media.

Only authorized users should access your ultrasound, and each access is traceable. Business associates—such as cloud vendors—must sign agreements and meet the same Confidentiality Obligations as the provider.

Facilities conduct risk assessments, test incident response plans, and follow the “minimum necessary” standard for routine disclosures. If a breach occurs, they must investigate, mitigate harm, and issue required notifications within legally defined timeframes.

FAQs.

Who is allowed to access my ultrasound records?

You, your personal representative, and your current or future clinicians can access records for treatment without extra permission. Health plans may access them for payment, and providers may use them for healthcare operations. Other parties generally need your written authorization unless a specific law permits disclosure.

How can I request my ultrasound records?

Contact the imaging center or provider’s medical records department, request both the report and images, choose your format (portal, encrypted email, DICOM on CD/USB), and complete any required form with ID verification. Note any deadlines and, if needed, direct an electronic copy to another clinician.

What fees can healthcare providers charge for ultrasound record copies?

They may charge a reasonable, cost-based fee covering labor, supplies, and postage. Electronic portal downloads are typically free, and per-page fees do not apply to electronic copies. State rules may further cap charges, so you can ask for an itemized breakdown.

Can access to ultrasound records be legally denied?

Yes, but only in limited situations, such as when a licensed professional believes access would likely endanger someone’s safety or when information was compiled for litigation. You can usually appeal denials, and providers should release non-sensitive portions with necessary redactions.

What privacy protections exist for ultrasound records under HIPAA?

HIPAA requires safeguards to protect your data, limits unnecessary disclosures, and guarantees your right to access. It also mandates breach notifications if unsecured information is exposed. State laws may add stronger protections that providers must follow.

In summary, you control access to your ultrasound records, can obtain timely copies in your preferred format, and benefit from layered federal and state protections. Understanding your rights—and the safeguards providers must follow—helps you use your records confidently and securely.