The advent of comprehensive digital record-keeping certainly can simplify the medical records process in hospitals. Both recording and retrieving those records are simpler now than when the standard was to request physical copies and then wait for them to arrive via mail. It’s clear that the intersection of health and IT provides ease of access to medical records by hospital personnel and patients. Unfortunately, this ease of access works in reverse. Many Americans are victims of unauthorized, illegal access to their private medical records.
8.5% of all data breaches occur in the medical community. In 2015 alone, there were 253 breaches that accounted for the loss of over 112 million medical records in the United States. Anthem’s hacking incident in 2015 resulted in the breach of approximately 78,800,000 records. The U.S. Department of Health and Human Services Office for Civil Rights lists 1,496 medical data breach incidents (affecting 500 individuals or more) as having occurred since 2009.
Sensitive medical information often relates to past and present physical and mental health conditions. These files often include payment information and other personally identifiable information, including addresses and social security numbers.
A resource that sheds light on the issue of unauthorized access to medical records is the Privacy Rights Clearinghouse site, where you can search for data breaches by organization, year, and type. Note that these comprise only reported incidents. In the vast majority of these incidents, there is little or nothing that patients can do to prevent them. These records are entrusted to healthcare and insurance providers who then face hacking, malware, and other types of breaches.
The 2016 Bitglass Healthcare Breach Report determined that 98% of healthcare data breaches in 2015 were caused by hackers specifically targeting the industry.
The simple truth is that protected health information is valuable in the wrong hands. Interestingly, it is the non-medical information that is typically targeted because it can be used to take out lines of credit and receive other types of services under the victim’s identity. Social security numbers and other personally identifying information are very difficult to protect again once compromised.
The most difficult part of all is protecting your own personal information, because you have little control over it once it leaves your custody. HIPAA privacy and security rules do not protect your information when offshore private third parties operating outside the system illegally acquire it. Aside from identity theft protection services, there are steps that you can take to protect information that you do control:
Avoid posting private information in public places
Use strong passwords to secure your data and replace them regularly
Read privacy policies and know your rights before you share your information
Shred sensitive documents before throwing them away
In most cases, healthcare data is targeted to gain access to your social security number and other personally identifiable information. By remaining vigilant and restricting who has access to your data, you can minimize your risks and maximize the security of your personal information.