A stolen credit card number is worth a few dollars on underground markets. A stolen medical record is worth up to $1,000.
The value gap is explained by what medical records contain. Credit cards can be cancelled. Medical records contain your name, date of birth, Social Security number, insurance information, diagnosis history, prescription history, and provider details — enough to commit medical identity theft, file fraudulent insurance claims, or blackmail someone, and none of it can be “cancelled” after the fact.
Healthcare was the most breached industry sector for several years running through 2025. Hospitals, clinics, and health insurers collectively hold enormous repositories of sensitive patient data, and their security track record has been poor relative to the value of the data they hold. But the healthcare system’s security problems are not the only source of risk. The way most people personally manage their medical records creates additional exposure that most people don’t think about.
The Records You Have vs. the Records They Hold
When you visit a doctor, a hospital, or a specialist, records of that visit exist in at least two places: in the provider’s electronic health record system, and in your memory. Many people have essentially no personal copy of their medical history beyond what they can remember.
This creates both a practical and a privacy problem.
Practically: if you change providers, move to a new city, need to see a specialist in an emergency, or want a second opinion, the record of your history is held by institutions that may or may not share it efficiently with each other. Medical record portability has improved with legislation in the US requiring providers to share records on patient request, but in practice, accessing your own records still involves navigating different patient portals with varying quality, paper fax requests, and delays.
From a privacy standpoint: the more systems that hold your records, the more attack surfaces exist for breaches. Each provider, each health system, each insurer that holds your data is a separate potential breach point. Every patient portal you have an account on is a username and password someone could compromise.
Building your own private copy of your health records doesn’t eliminate those risks on the provider side. But it gives you something important: control over one version of your health history, stored where you decide, under conditions you set.
What Records to Collect
The health records worth maintaining a personal copy of include:
Discharge summaries: After any hospitalisation, the discharge summary describes what happened, what was treated, what medications were prescribed at discharge, and what follow-up is recommended. These documents are dense with clinical information and often get lost in transitions between care settings.
Lab results: Blood tests, pathology results, imaging results. Understanding your own baseline values over time is useful, and labs are the kind of record that’s easy to lose when providers change systems.
Diagnostic imaging reports: Radiology reports for X-rays, MRI scans, CT scans. The images themselves may be large, but the written radiologist report is the summary that matters clinically.
Specialist letters and consultation notes: When a specialist writes back to your primary care provider after a consultation, that letter often contains the clearest summary of a complex condition, treatment plan, and prognosis.
Medication history: A personal record of what you’ve been prescribed, at what dose, for what condition, and whether it worked or caused side effects. This is useful context for any new provider who needs to prescribe for you.
Vaccination records: Especially relevant for travel, for starting new jobs in healthcare or education, and as children age and move away from their parents’ records.
Allergy documentation: Documented drug allergies and reactions, including the name of the medication and the nature of the reaction.
Insurance explanation of benefits (EOBs): The documents your insurer sends after a claim is processed. These serve as a cross-check against billing errors — a significant source of fraud in healthcare — and as a record of what care was received and what was paid.
Where Most People Go Wrong
The most common approach to personal health record keeping is some combination of email forwarding, photos of paper documents, and screenshots of patient portal pages, stored in a general cloud folder without organisation or consistent naming.
This approach breaks down because:
Search is ineffective. A folder of images named “IMG_3921.jpg” is not a searchable archive. Finding a specific lab result from three years ago requires scrolling through dozens of files.
Access is unpredictable. If the files are in a cloud folder that’s synced to one device and you’re at a specialist appointment without that device, you may not have access when you need it.
Privacy is determined by the folder’s host. Google Drive, Dropbox, and OneDrive hold the encryption keys for your files. Your medical history in a Google Drive folder is accessible to Google under Google’s terms, and can be produced in response to legal process.
Retention is unclear. Emailing records to yourself in Gmail stores them indefinitely in an account that Google’s AI features can now access and analyze.
A medical record is one of the most sensitive categories of personal data. Storing it with the same tool and level of intentionality as a grocery list is a mismatch between the sensitivity of the content and the care applied to protecting it.
HIPAA Doesn’t Protect Consumer Health Apps
A critical point most people misunderstand: HIPAA, the US federal health privacy law, applies to healthcare providers, health insurers, and their business associates. It does not apply to consumer wellness apps or personal health record storage services.
When you store your medical records in a consumer app — even one marketed as a “health record” app — that app is typically not subject to HIPAA. Its obligations to protect your health data are determined by its own privacy policy, not by federal health privacy law.
This matters because:
- The app can sell or share your health records subject only to its own terms
- A data breach at the app doesn’t trigger the HIPAA breach notification requirements that apply to covered healthcare entities
- The federal enforcement mechanisms that can fine hospitals for privacy violations don’t apply to consumer health record apps
Proposed HIPAA amendments in 2025 and 2026 aimed to extend some protections to a wider range of health data applications, but implementation has been slow and coverage remains incomplete.
When evaluating where to store your health records, the relevant question is not whether the service is “HIPAA compliant” — that phrase in consumer contexts often means the service has signed a Business Associate Agreement with healthcare providers, not that you as a consumer are protected. The relevant question is what the service’s own privacy policy says about how it handles your health documents.
What Good Private Health Record Storage Looks Like
The properties worth prioritising when choosing where to store personal health records:
Encryption at rest and in transit. The storage system should encrypt your files with strong encryption — AES-256 is the current standard — both when stored and when transferred between your device and the service. This protects against breaches of the storage infrastructure.
No content indexing for advertising or AI training. The service should not process the content of your files to derive commercial value from what your medical records contain. This rules out services whose business model involves content analysis.
Control over file retention. You should be able to delete files and have them actually deleted, on a timeline you control. A service that retains indefinite copies of deleted files, or that doesn’t clearly state its deletion policy, is holding your data beyond what you control.
Reliable access across devices. Health records are often needed in clinical settings, on devices other than your primary computer. Cross-platform access with a consistent interface matters in practice.
Data portability. You should be able to export your records at any time, in formats that are usable without the original service.
A Simple Organisation System
Maintaining a personal health record archive doesn’t require elaborate software. A consistent naming convention and folder structure does most of the work.
A practical naming convention: YYYY-MM-DD_description_provider.pdf
For example:
2026-03-12_blood-panel-results_eastside-clinic.pdf
2025-11-04_MRI-lumbar-spine-report_regional-imaging.pdf
2026-01-28_discharge-summary_st-josephs-hospital.pdf
A simple folder structure by year, with subfolders by category, makes documents findable without search:
Health Records/
    2026/
        Lab Results/
        Imaging/
        Specialist Notes/
        Insurance/
    2025/
        ...
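One way to keep the archive honest over time is to audit it against the convention above. The following is an added example, not part of the original article: the function names are hypothetical, the rule that description and provider use only letters, digits and hyphens is an assumption, and the sample tree is constructed from the article's example file names.

```python
import re
import tempfile
from datetime import date
from pathlib import Path

# Convention from the article: YYYY-MM-DD_description_provider.pdf
# Assumption: description and provider use letters, digits and hyphens only.
NAME_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})_([A-Za-z0-9-]+)_([A-Za-z0-9-]+)\.pdf$")

def parse_record_name(filename):
    """Return (date, description, provider), or None if the name does not conform."""
    m = NAME_RE.match(filename)
    if not m:
        return None
    try:
        day = date(int(m[1]), int(m[2]), int(m[3]))  # rejects impossible dates
    except ValueError:
        return None
    return day, m[4], m[5]

def audit_archive(root):
    """Walk root/<year>/<category>/ and return (relative_path, problem) pairs."""
    root = Path(root)
    problems = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        parsed = parse_record_name(path.name)
        if parsed is None:
            problems.append((rel.as_posix(), "name does not follow convention"))
        elif len(rel.parts) != 3:
            problems.append((rel.as_posix(), "not filed under year/category"))
        elif rel.parts[0] != str(parsed[0].year):
            problems.append((rel.as_posix(), "filed under wrong year"))
    return problems

def build_sample_archive(root):
    """Constructed sample tree (empty files) using the article's example names."""
    files = [
        "2026/Lab Results/2026-03-12_blood-panel-results_eastside-clinic.pdf",
        "2026/Imaging/2025-11-04_MRI-lumbar-spine-report_regional-imaging.pdf",
        "2026/Imaging/IMG_3921.jpg",
        "2026/2026-01-28_discharge-summary_st-josephs-hospital.pdf",
    ]
    for rel in files:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_archive(tmp)
        for rel, problem in audit_archive(tmp):
            print(f"{rel}: {problem}")
```

The audit only reads file names and paths, never file contents, so it can be run against the archive without opening any record.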
The discipline to maintain this is the harder part. The practical approach is to handle records at the moment they arrive: when a lab result comes in, save it immediately rather than letting it sit in email. When you’re handed paperwork at discharge, scan it that day rather than putting it in a pile.
Patient Portal Access and Exports
Most major healthcare providers in the US now offer patient portals under the requirements of the 21st Century Cures Act, which mandated electronic access to health records. Portals like MyChart, HealthGorilla, and provider-specific systems allow patients to view and download records directly.
Practically speaking:
Download, don’t just view. Viewing a lab result on the portal and relying on future access assumes the portal will continue to exist and that you’ll maintain access to the same account. Downloading creates a copy you control.
Request a record audit. Most portals allow you to see what records exist. Knowing what your provider has on file lets you identify gaps — records that should exist but don’t appear in the system.
Request paper records when portals are insufficient. US law requires providers to release medical records to patients on request within 30 days. Some records — notably detailed procedure notes and full imaging data — may not appear in portal interfaces and require a formal records request.
The Insurance Documentation Problem
Medical billing errors are common. Studies have estimated that a significant percentage of medical bills contain errors, some of which patients are asked to pay. The consequence of not keeping your own records is that you may have no basis for disputing a billing error.
Your insurer’s Explanation of Benefits document is your record of what was billed, what your insurer paid, and what you owe. Keeping these documents creates an audit trail that lets you:
- Identify duplicate billing
- Catch charges for services not received
- Verify that provider negotiations with your insurer were applied correctly
- Dispute claims that were denied with reference to specific dates and services
EOBs are typically available through your insurer’s online account for one to three years before they’re removed from the portal. Beyond that period, you’re dependent on requesting paper records. Downloading them as they arrive is easier than trying to reconstruct them later.
Sharing Records Safely
At some point, you’ll need to share health records with a new provider, a specialist, or a family member who’s managing care on your behalf.
When sharing:
Prefer secure file sharing over email. An email attachment is not encrypted beyond what your email provider applies. Using a secure file sharing link — one with an expiry date and download limit — is preferable.
Share the minimum necessary. A new primary care provider who wants your general medical history doesn’t need your complete psychiatric records. A specialist who wants to see your imaging doesn’t need your insurance documents. Sharing only what’s relevant limits exposure.
Don’t share via screenshots with OCR-readable text. Images of documents can be processed by AI tools to extract the text content, which then persists in the processing service’s systems. PDF exports from official sources are preferable.
Be cautious with patient portals that offer “share with provider” features. Some portals send health summaries directly to other providers electronically. Check what information is included in these summaries before authorising them — they may transmit more than you intend.
The Long Game
Medical history accumulates over decades. A record from a childhood diagnosis can become relevant thirty years later. The records you maintain now will be accessible when you need them — but only if the system you use to store them still exists, and only if you can still access your account.
This argues for:
- Formats that remain readable without proprietary software (PDF over app-specific formats)
- Services with clear long-term commitments around data retention and platform continuity
- Periodic local backups, so your personal archive isn’t solely dependent on a single cloud service
Your health records are a longitudinal account of your body. Treated as such — as a record worth maintaining deliberately, stored with care appropriate to its sensitivity — they’re an asset. Left to accumulate in email and patient portals you may not always be able to access, they’re a liability waiting to matter at the worst possible moment.
The healthcare system will keep some version of your records. Whether you have a reliable, private, personally controlled version is your choice.