Many people today are concerned that their medical records could be stolen or read by others. This is a valid concern. According to the Protenus Breach Barometer, an artificial intelligence platform used by academic medical centers to analyze medical record systems, 32.9 million patient records were breached between 2016 and 2017.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that sets minimum regulations for the privacy of medical records collected and managed by health care providers. However, some medical information falls outside the protection of HIPAA.
Privacy laws associated with your medical information can be confusing. In general, there are only three types of entities that have access to your medical records:
Employers do not have access to your health records, except in certain circumstances. HIPAA prohibits employers from accessing patient records or insurance claims without your written permission. However, a supervisor or human resources representative from your company can request limited information, such as a doctor’s note, only if needed to grant sick leave, workers’ compensation, enrollment in a wellness program or health insurance.
Your doctor or hospital staff can discuss some healthcare issues with your close family members, such as your condition, treatment options and prescriptions. However, you must give written permission for your loved ones to view your written medical records. Family members to whom you have given written permission to be your designated “personal representative” are able to access healthcare records that are needed to ensure you receive the best care.
If you lose your current insurance coverage and apply for coverage with a new company, the new insurer cannot contact your previous insurer to review your claims history. This would be a HIPAA violation. Insurers may access individual doctors’ files for underwriting purposes, but this is only after you disclose your physician’s name on your application.
Your medical information cannot be used for marketing purposes unless you give permission to participate in free health screenings. In general, health care providers, clearinghouses and insurers cannot disclose health information for marketing purposes. However, if you take part in a free or low-cost health screening, such as those offered at pharmacies or health fairs, the information collected can be provided to marketers.
Healthcare researchers do have access to health data that is collected and compiled for research purposes only. Private researchers and public agencies may have access to some records under conditions of confidentiality. Your name may be on some records, but this information is strictly protected from being made public or shared with anyone else.
Prescription drug information can be collected anonymously and provided to pharmaceutical companies. This information includes your doctor’s name but not yours. Drug companies can contact your doctor and make recommendations for other drugs they think might be a good fit for a specific condition that you have.
Debt collection agencies have access to information about unpaid medical bills, but not about specific treatments. These records can show up on your credit report. The type of information they have access to includes:
Medical records are at risk of cybersecurity breaches. Electronic medical records allow your health care providers to access your information quickly and in real time. These record systems have been shown to improve the quality of care as well as prevent medical and administrative errors. However, electronic records may make it more difficult to protect your privacy because there is always the potential for security breaches. Healthcare institutions today are aware of the risks and take many precautions to protect the integrity of the data they collect and store.
Contact the experts at Lanier Upshaw, Inc. to learn more about strategies that will help mitigate cybersecurity risks as well as support a healthier workforce.