With the ever-increasing use of technology to capture medical information into electronic formats so that it is easily accessible to all parties who are connected with an individual’s medical care, more hackers continue to violate our medical privacy today. According to Your Medical Records May Not Be Private: ABC News Investigation (9/13/2012), more of our health care information is hacked and sold on the Black Market to the highest bidder with it increasing daily. The users of this information are corporations, hospitals, insurance companies, pharmacies, pharmaceutical companies and purchasers of private insurance by committing medical fraud. More medical security breaches involving hospitals and other medical providers experience the majority of data breaches than any other business. "They've had to comply with HIPAA legislation and the HIPAA privacy act since 2004. And [they've also had to deal with] the HIPAA security rule, we're talking about PHI (personal health information), and digital format since 2005. So this is coming up on seven years and we're still seeing the escalation of these breaches," said IT security and privacy specialist Greg Porter, founder of Allegheny Digital.
Medical Records Privacy, fact sheet #8 found on the Privacy Rights Clearinghouse website, clearly explains the medical privacy issues outlining other ways personal health information is obtained where privacy is compromised. Requests can come from insurance companies through the Medical Information Bureau; government agencies such as Medicare, Social Security Disability, Worker’s Compensation and CDC; IntelliScript and MedPoint where prescription histories are stored; your credit card and checking acoount transactions; educational records for your children such as vaccination histories, sports physical exams, and visits to the school nurse; employers through employment background checks; employee health programs and FMLA requests; subpoenaed medical records for court cases; accreditation process for hospitals and doctors; participation in health screenings and surveys along with discussion forums participation are places where the Health Information Portability and Protection Act (HIPPA) coverage does not apply. “Few things could not be more damaging to an institution’s reputation than having to admit that it has lost or somehow allowed others to intrude into its patients’ private medical data,” said Beth Givens, director of the Privacy Rights Clearinghouse
The U.S. Department of Health and Human Services provides a list of breaches of 500 or more individuals at one entity where inadequate security measures exist. Consumers concerned about protecting their medical information beyond what is provided in HIPPA must turn to their state for protection. Expanded medical privacy rights for the consumer are initiated by state legislatures, which build upon HIPPA privacy rights to enact state laws. Located in the State Security Breach Notification Laws, this list provides hotlinks to forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands to its appropriate laws on security breaches. States without any security breach law are Alabama, Kentucky, New Mexico, and South Dakota. In addition, when examining the 2012 security breach legislation, eleven states introduced legislation this year to expand existing laws and increase penalties; however, only two states, Connecticut and Vermont, enacted tougher legislation. California has taken the lead on this issue by creating the California Medical Privacy Fact Sheet explaining the relationship between HIPPA and state laws, identifying which state laws protect information, definitions of medical privacy terms and types of information contained in medical records. In a quote from Deven McGraw, director of the Health Privacy Project stated, “Harm is in the eye of the beholder. How does a hospital or an insurance company know whether an improper disclosure will harm an employee’s chances for promotion or endanger a victim of domestic abuse?”
Susanne L Woodford, Freelance Writer