Is Your Medical Data Safe? What Consumers Should Know About Medical Data Privacy - Julia Merrill

If you think the information you share with your doctor doesn’t leave the office, you’re in for a shock: Medical data is commonly shared with data brokers, pharmaceutical companies, and even web giants like Google. Not only is it perfectly legal to sell this de-identified information, but medical practices and insurance companies don’t have to ask consumers’ permission before sharing their most private data.

While medical data is required to be stripped of personally identifying information before it’s sold to the secondary market, that doesn’t necessarily mean your personal data is safe. With medical data passing through so many hands, it’s at risk of being stolen by malicious actors. In some cases, it’s even possible for that data to be tracked back to you. As a conscious patient-consumer, staying informed is crucial to protecting yourself.

Medical Data Breaches and Ransomware Attacks Multiplying Rapidly

“More than 32 million patient records were breached between January and June 2019. That's more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus,” reports Engadget. Read more.

Advisory Board: “Just because something is anonymized, it is still possible to identify who that is when you merge that record with other records that are available. ... Harnessing [de-identified patient] data for research purposes and targeted therapies is all great unless it falls into the wrong hands,” according to Sam Hanna, director of George Washington University’s online master’s degree in health informatics program, speaking to Modern Healthcare. Read more.

Which Companies Have Access to My Personal Health Information

According to the American Patient Rights Association, approximately 4 million businesses, many of which operate outside the healthcare industry, can access your health records, including employers, banks, financial institutions, marketers, and data miners, to name a few. Additionally, many health-related websites collect information about your medical history. Read more.

HIPAA Journal states that “While federal rules are now being largely adhered to by healthcare providers, health plans, healthcare clearinghouses and BAs, medical records are perhaps not quite as private as many Americans believe. Data sharing is strictly controlled, but HIPAA Rules on data sharing also allow health information to be shared with other entities ... For instance, HIPAA Rules allow Protected Health Information to be shared with the government and law enforcement agencies.” Read More.

“The legal right of businesses to harvest and sell the information of individual patients without their permission has been upheld by the U.S. supreme court, thanks to a case in which conservative justices ruled in favor of IMS Health and against the attorney general of Vermont,” The Guardian reports. Read more.

What Can I Do to Protect Myself? What Can I Do if My Medical Records Are Stolen?

“Ask your doctors, healthcare facilities, and insurer how they share your medical information. Find out what type of information they share and with whom. If you don’t want this information shared, ask how you can opt out,” explains Pinnacle Care. Read more.

If your medical records have been stolen, file an Identity Theft Report with the Federal Trade Commission and check your medical records to check for fraudulent information or treatments, Experian advises. If you find false information, contact the provider with a copy of the Identity Theft Report to request a correction. Read more.

The Parallax: “If someone has stolen your information, you’re probably not going to find out about an issue until something happens, or it trickles back, potentially years later ... important to regularly monitor your accounts and information for suspicious activity —not just immediately following a breach, but also for the foreseeable future,” said Mirick O’Connell, attorney and chairman of The Health Law Group. Read more

What Medical Practices are Doing to Protect Patient Health Information

Health Tech Zone reports that “Addressing the multitude of security, privacy and regulatory challenges being faced on an almost daily basis by healthcare organizations, HITRUST – the Health Information Trust Alliance – was created in 2007 by a consortium of healthcare and IT professionals to guard against such data breaches and provide an efficient, prescriptive, and readily applicable framework for managing the security requirements inherent in the HIPAA (the Health Insurance Portability and Accountability Act of 1996), which provides for data privacy and security provisions to safeguard sensitive medical information.” Read more.

“Organizations that are HITRUST certified have demonstrated that they have effective security and privacy practices in place that are in line with strict healthcare industry regulations like HIPAA (as well as all the requirements of the HITRUST CSF). Because covered entities may be liable for their business associates’ or subcontractors’ violations, a HITRUST certification serves as an additional layer of regulatory protection for healthcare organizations,” reports Datica. Read more.

Data privacy is an increasingly pressing concern for consumers today. While most people think of credit card and financial data when discussing data privacy, the sale and theft of medical data are no less concerning. By informing themselves about the risks and taking precautions to protect their medical data, consumers can reduce the risk that their personal information is shared, sold, or used without their consent.

Image via Unsplash