Do you know where your medical records are?
Chances are if you have a health insurance plan with a major carrier, your history of physical ailments is safely housed in a locked filing cabinet or spinning on a secured server amongst other bits and bytes of data. But for every doctor's visit you make, another set of prying eyes or misplaced portable hard drive could threaten your personal information. It's a disturbing trend that's becoming more frequent than you might imagine.
Pittsburgh-based Highmark Insurance Company is in the process of notifying 3,700 members that documents containing their names, policy identification and social security numbers were missing. It is the second such data spill involving the dominant local health insurer in four months. The company told members that in January, the company mailed a premium billing statement to Boscov"s Department Store, a regional client of the company. The envelope was reportedly damaged and with pages were missing.
In its defense, Highmark said there is no reason to believe the information was stolen, but the pages included the names and other identifying information for some 3,700 members, according to Highmark officials.
Last October, an employee with Blue Cross and Blue Shield's national association reported a stolen database which contained the names, addresses, and social security numbers for tens of thousands of doctors. The information had been decoded and downloaded onto an unidentified employee"s personal laptop, which was stolen from his car. In both cases, the company offered free credit monitoring to the people affected.
The Connecticut attorney general sued one of its dominant
medical health insurance companies, Health Net, claiming it failed to adequately protect the medical records of 446,000 customers whose private data was contained in a computer disk drive that was found to be missing last spring.
When HIPPA (Health Insurance Portability and Privacy Act) was passed into law, the U.S. Government was attempting to head off data breaches before electronically-transmitted medical records became commonplace. But the problem with 'data leaks' has spawned an entirely new industry of information security firms specializing in securing your personally-identifiable information. A hospital can manage more data on a person than almost any other kind of organization. However, health care analysts report more than 1.5 million patient names have been exposed by data breaches over the past several years.
To protect Patient Health Information (PHI), the Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare organizations implement a number of rigorous technical safeguards. Securing data on desktops, laptops, notebooks, and smartphones and external storage devices like flash drives. These mobile devices must be fully protected by access control with unique user identification, audit control with reports of data usage and the consistent enforcement of several other HIPAA security policies.
HIPAA requires safeguards to limit the number of people who have access to personal information. Given the number of people who may have access to your information just to run the operations and business of the health care provider or plan, there is no realistic way to count the number of people who may come across your records. If you are hospitalized, for example, hundreds of hospital employees may see your health information.
So what can you do to protect yourself?
The Privacy Rights Clearinghouse, a national consumer advocacy organization, offers these important tips to keep your medical records more secure.
Access to your own medical records - Prior to HIPAA, was not guaranteed by federal law. Only about half the states had laws requiring patients to be able to see and copy their own medical records. Now HIPAA gives everyone the right to see, copy, and request to amend their own medical records.
You can file a complaint - Your health care provider and/or the Department of Health and Human Services would like to hear from you if you believe a health care provider or health plan has violated your privacy.
Protect your name - You have a choice when it comes to having your name included in a hospital directory. You can also choose to have your medical information discussed with designated immediate family members, close friends, or relatives.
