Along with electronic health records and the Health Insurance Portability and Accountability Act (HIPAA) have come hundreds of breaches of patient confidentiality.
For example, a UCLA Health System breach resulted in an $865,000 settlement with federal regulators after employees accessed celebrity medical records without authorization.
Where are the “leaks” in health records about you? Here are 5 places your medical privacy could be at risk, and what you can do about it.
1. On Healthcare Workers’ Mobile Devices
The good news is that the number of major medical information breaches has fallen since 2010. However, theft accounts for over half of reported cases, and many of those thefts were of mobile devices. Physical security of devices can typically be addressed in a straightforward manner, and simple awareness is an important step. Does your doctor’s office use tablets to collect and store information about you? If so, ask questions, and if you don’t get straight answers, consider finding a practice with better security. Physician practices need to be held accountable when it comes to actions that could result in loss of medical privacy.
2. In the Cloud
The term “big data” refers to tools and procedures that allow management of very large sets of data. Many big data processing operations are in the cloud, and big data is capable of taking many disparate elements and analyzing them to create remarkably accurate individual profiles. Corporations are also more brazen about simply asking for data that would have been unthinkable a generation ago. A Horizon Blue Cross client sued the insurer after the company asked for all online data from their daughter’s social networking pages after a dispute over an insurance claim for the girl, who had anorexia.
3. On Social Media Sites
You wouldn’t think healthcare providers would discuss patients on social media sites, but it has happened many times. Several nurses working at Tri City Medical Center in California were disciplined after allegedly posting patient information on Facebook. A worker at Providence Holy Cross Medical Center in California posted a photo of a woman’s medical record on Facebook that included her name and date of admission, as well as disparaging comments about her. Providence, which said the worker was provided by a staffing agency, assured the media that the individual would never work in a Providence facility again.
4. In Your Doctor’s Unencrypted Medical Records
Weak passwords allowed hackers to gain access to the computer network of The Surgeons of Lake County in Illinois and steal Social Security numbers, credit card numbers, and medical information about patients. The hackers then encrypted the data so physicians couldn’t access it and demanded ransom in return for a password. The promises of cost savings and federal incentives have physician practices converting records into digital files, and sometimes they do so without having robust data security policies in place. In fact, HIPAA requires healthcare providers to perform risk analysis of data protection, but many healthcare facilities have been remarkably careless about doing so.
5. In Your Own Hands
Many people use smartphone apps to track blood sugar or blood pressure, or to help them quit smoking. Phones now contain personal medical information, yet medical apps aren’t covered by HIPAA, and the FDA limits oversight to apps that “could present a risk to patients if the apps don’t work as intended.” Because of this lack of oversight, a company making such apps can basically do whatever it wants with the medical information the app user enters. Some apps allow password protection, which is imperfect at best. Furthermore, many apps encourage users to share information via email with physicians, pharmacists and others. It’s up to you to choose whether or not to enter sensitive information into healthcare apps, because for the most part they are unregulated.
Awareness is the first step to protecting your medical information. Don’t be afraid to ask questions of your physician’s practice. The more patients speak out about concerns, the more likely practices are to take them seriously, particularly as more healthcare providers have to pay fines for HIPAA violations due to data breaches. Don’t enter personal information into apps or online surveys unless you are comfortable with that data being shared, because it will be.
When you purchase prescription drugs like Valif 20 mg online, learn about the provider’s commitment to HIPAA compliance, as well as standard data security practices like Secure Sockets Layer encryption. If you get vague or unsatisfactory answers, go elsewhere. At healthlinerx.org, we take customer medical, identity, and credit card information security very seriously. We are HIPAA compliant and use SSL technology for all transactions. Furthermore, we never sell, rent, or otherwise share your information with any third party. Your medical information is private and valuable, and in the age of electronic health records, you have to do your part to ensure the safety of this sensitive information.