Medical Records and Data Privacy

By Elena Stewart
Image via MART PRODUCTION at Pexels

---

Several major data breaches have made the news. And millions of medical records have been breached.
 
It’s bad enough knowing your credit card information could be out there, but access to medical records is an invasion of privacy. Yet that’s exactly what’s happening — and it’s not always illegal. In fact, some health providers are giving tech giants access to patients’ medical data.
 
The implications of patient data being stolen, shared, and sold are far-reaching, from stolen identities to skyrocketing insurance premiums.
Medical Data Breaches On the Rise

• “According to Protenus, a firm that helps health care companies protect data, there were 222 hacking incidents last year – up nearly 25 percent from 2017. In all, more than 11 million patient records were affected.”

 

• “While data breaches may feel all too common, the rate at which they're increasing, especially in the medical world, is cause for alarm. Just a few years ago, we were surprised when researchers reported that 29 million patient records were breached over four years. Now, we surpass that in six months,” Engadget reports.

Who Has Access to Your Personal Health Information?

• According to the American Patient Rights Association, “The Amended HIPAA Privacy Rule (2003) states only that you must receive a Privacy Notice telling you how your personal health information will be used and disclosed: Section 164.520(c) (2) (i) (A). Privacy Notices are often mistaken for consent forms, but they are simply notices telling you what will happen to your medical records.”
  

 

• Fast Company explains that “Healthcare providers can legally sell their data to a now-dizzyingly vast spread of companies, who can use it to make decisions, from designing new drugs to pricing your insurance rates to developing highly targeted advertising.”.

 

• When a patient goes through the healthcare system they encounter service providers who are loosely connected. For example, a surgery can incur separate bills from separate entities: the anesthesiologist, the radiologist, the surgeon, the hospital, and any rehab. It can get complicated quickly. Some doctors are small businesses, and while they’re concerned about patient safety, they may not have understood the urgency of cyber-security.

Protecting Your Personal Health Information

• “Occasionally review your electronic medical record. Check the record for errors or new diagnoses or treatments that you did not receive. Alert your doctors and other healthcare providers to the error and request that they correct your records,” Pinnacle Care advises. “Ask your doctors, healthcare facilities, and insurer how they share your medical information. Find out what type of information they share and with whom. If you don’t want this information shared, ask how you can opt out.”

 

• “If you believe your information was used or shared in a way that is not allowed under the HIPAA Rules, or if you were not able to exercise your rights, you can file a complaint with your provider or health insurer. The notice of privacy practices you receive from them will tell you how to file a complaint. You can also file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights or your State's Attorney's General Office.

 
“If you believe that an online company that is not covered by HIPAA, such as a message board, has shared your health information in a way that conflicts with their privacy policy on their website, you can file a complaint with the Federal Trade Commission.”
What Your Doctor Can Do to Protect Personal Health Information

• HIPAA Journal explains that “Healthcare providers face a dilemma. They need to share data and make them accessible, yet by doing so they run the risk of data being exposed. The answer is to utilize cybersecurity technology and work with security companies to ensure protections are put in place that permit data sharing – in accordance with HIPAA Rules – but guarantees are provided that data is properly protected.”

 
As more healthcare providers adopt cybersecurity frameworks, medical records will hopefully become less vulnerable to theft. In the meantime, consumers must stay vigilant in monitoring their medical records for signs of identity theft and demanding transparency from healthcare providers who share their data with third parties.