How private are your medical records?

Regardless of whether medical records are digital, paper-based, or both, there is always a chance of human error and theft. How confidential are your medical records, then? Three recent incidents show what can go wrong:

A veteran UCLA Medical Centre staffer was recently sacked for inappropriately accessing the medical records of 61 patients, including Britney Spears, Maria Shriver, and Farrah Fawcett.

An unencrypted laptop holding the MRI results, names, birthdates, and in some cases Social Security numbers of participants in a clinical trial run by the National Institutes of Health was stolen from the boot of an employee's car.

A former employee of the patient admissions department at New York-Presbyterian Hospital/Weill Cornell Medical Center was arrested after it was discovered that he had reportedly accessed almost 50,000 computerised patient records and sold at least 2,000 of them.


What are our medical records?

Let's first define what medical records are. We're talking about your medical history (and frequently that of your family), lifestyle choices (such as smoking), bills, claims, prescriptions, lab results, doctors' opinions, appointment records, the outcomes of operations and other medical procedures, genetic testing, participation in research projects, and even details provided on insurance applications, such as your Social Security number.

To keep this information as private as possible, the doctor-patient privilege has been in place for decades. However, more individuals than ever before now have access to our medical records. With the growing digitisation of records and the sharing of information across the medical industry, we are compelled to entrust our private information to physicians' offices, hospitals, medical facilities, insurance companies, employers, health maintenance organisations (HMOs), and other medical professionals.


What privacy protections are there?

The federal Health Insurance Portability and Accountability Act (HIPAA) established a nationwide standard for how health care providers, health plans, and health care clearinghouses must handle individually identifiable health information, whether it is stored electronically or on paper. Notably, HIPAA protection does not extend to your financial data, your child's educational records, or the employment records your employer holds.

Under the HIPAA regulations, a health care provider must give you a Notice of Privacy Practices describing its privacy policies, and must make a good-faith effort to obtain your written acknowledgement that you received it. Signing the acknowledgement is not what authorises disclosure: your records may be used or released for "routine" purposes (treatment, payment, and health care operations) without any further authorisation from you or notification to you. The notice must also tell you how to obtain copies of your own records.

HIPAA was also intended to make it easier for organisations that need medical information to share it, especially in emergencies or when a patient switches providers. As the commentary published with the HIPAA privacy rules put it, "in a matter of seconds, a person's most profoundly private information can be shared with hundreds, thousands, even millions of individuals and organisations at the same time…"

Of course, this phrasing was intended to highlight the positive effects of the Act, but read with computer hackers, mishandling of data, and human error in mind, it can seem downright unsettling.


The Department of Health and Human Services has received around 35,000 complaints of privacy violations since HIPAA enforcement began in 2003, yet it has not imposed a single civil penalty. The agency says that "voluntary compliance" has been achieved in about 6,000 cases.

The Department of Justice has reportedly brought around 200 criminal prosecutions since 2003 under statutes that incorporate HIPAA, but it is unclear how many of those are genuinely HIPAA-related.

Speaking of the federal government, the Federal Bureau of Investigation (FBI) is another body that may gain access to your medical information. In the name of protecting against international terrorism, the Patriot Act allows the FBI to obtain your medical records while an investigation is ongoing. Unlike HIPAA, the Patriot Act does not require that you be told before your medical records are disclosed.

Keep in mind that HIPAA is a floor, not a ceiling: a state privacy law that is stricter than HIPAA remains in force, so your state may give you more protection than the federal rules do.


Personal health records

Outside traditional healthcare organisations, there are further plans to computerise medical data and put it online, in the form of Personal Health Records (PHRs).

Microsoft has already launched "HealthVault," which lets people keep their medical records online. Google is testing a comparable service under a programme dubbed "Google Health." Both let users enter personal and medical data, control the degree of access granted to particular parties, and revoke that access at any time.

Because many of these PHR services are not covered by HIPAA, read their privacy policies and terms of use carefully, and check for changes whenever you are sent an updated notice.


Ways to protect privacy of medical records

While the law provides some protection, there are further steps you can take to help keep your medical data confidential. The Privacy Rights Clearinghouse suggests a number of actions, including the following five:

  • When asked to sign a release, keep the amount of information disclosed to a minimum by replacing the boilerplate language with more precise wording.
  • Tell your doctor about your privacy concerns.
  • Ask your healthcare provider not to make more copies of your records than are required.
  • Ask about your healthcare provider's policies on fax machines and wireless communication.
  • Be aware that health screenings and questionnaires offered at malls and other public locations may be marketing exercises that collect and share your medical information.

Whether medical records are digital, paper-based, or both, human error and theft remain a risk. Knowing your rights and the relevant laws, and keeping a careful eye on how your records are used, stored, and shared, are the best ways to preserve your privacy.