Each week, it seems like there’s a new data breach or cyberattack against a major company, often compromising millions of consumers’ information. Although many people assume these attacks are primarily targeted at banks or retailers, the fact is that hospitals, health insurance providers, and other medical institutions are frequent targets as well. Sadly, many hospitals and doctors aren’t adequately protecting patients’ health records.
Check out these resources to learn more about how your medical information can be used and how to protect yourself.
Medical Information is Increasingly Vulnerable to Cyber Attacks and Data Breaches
- The Wall Street Journal: “Technology and health-care companies” like Apple and UnitedHealth Group, Inc., “are competing to develop new ways for consumers to corral their digital health data, prompting questions about data privacy and control.” Read more.
- According to CBS, the Department of Health and Human Services handles hundreds of medical data breaches per year, and “some of that information winds up for sale on the internet’s dark web.” Read more.
Who Can Access Your Health Information?
- HIPAA Journal: “HIPAA Rules on data sharing also allow health information to be shared with other entities … For instance, HIPAA Rules allow Protected Health Information to be shared with the government and law enforcement agencies.” Read more.
- According to Healthcare IT News, reports accuse Facebook of illegally sharing its users’ “privately posted personal health information,” creating an “ongoing risk of death or serious injury to Facebook users.” Read more.
- “Over 4 million businesses, many outside the healthcare industry” can already access your health records, according to the American Patient Rights Association. This includes, but is not limited to: insurance companies, government agencies, employers, banks and financial institutions, researchers, marketers, drug manufacturers, data miners, and transcribers, whether located in or outside the U.S. Additionally, if subpoenaed in a court case, your health records can become publicly available. Read more.
What Steps Should Medical Providers Take to Protect Patient Data?
- Consumers can look for healthcare providers, hospitals, and medical companies that not only comply with HIPAA but are also HITRUST certified for extra protection. When choosing a provider, ask for a copy of the organization’s HITRUST certification paperwork, then send it to the HITRUST Alliance for confirmation of authenticity. You’ll need to “provide a copy of the PDF in question and evidence showing you received it from the organization.” Read more.
- “The HITRUST CSF is the most widely adopted information privacy and security risk management framework among healthcare organizations in the United States. In addition, many organizations outside of the U.S. have also implemented the HITRUST CSF,” reports Datica. Read more.
How Can You Protect Your Personal Health Records?
- The Parallax: “If someone has stolen your information, you’re probably not going to find out about an issue until something happens, or it trickles back, potentially years later… [Therefore] regularly monitor your accounts and information for suspicious activity — not just immediately following a breach, but also for the foreseeable future.” Read more.
- “The Federal Trade Commission warns consumers to look out for bills for medical services you didn’t receive, calls from collectors about medical debt, or notices from your health plan about reaching your benefit limit. Carefully check statements and read through explanation of benefits mailings to make sure they match up with the time, place, and services you actually received,” advises Komando. Read more.
Although HIPAA compliance is a step in the right direction, it’s unfortunately not enough to keep your data safe. Even if your doctor or hospital claims to be HIPAA-compliant, ask them how they collect, store, and protect patient information. If possible, choose providers who maintain HITRUST certification. Above all else, continually monitor your credit, accounts, and explanation of benefits information. If you notice anything suspicious, even if you’re unaware of a recent breach, take appropriate action.