Your medical records may not be confidential after all, as a recent ABC News Investigation revealed. Physician’s notes may be accessible to doctors as well as other healthcare professionals in an organization. Hospitals may have rules about the personnel that may access the healthcare record, but the problem is that very often compliance is not strictly regulated. The ABC news investigation revealed that medical records can be easily bought online when they are unprotected.
The medical records become public property via theft, hacking of a computer that stores medical records and through loss of records. The shocking fact is that often medical staffs are bribed to make available protected health information such as medical records, health financing records and insurance claim forms. Those who purchase medical information usually use it for medical fraud. It is estimated that more than 50 million people in the US were not covered by health insurance in 2010. Stolen medical records were used to provide an identity to many individuals who falsely obtained medical care through medical identity theft. Apart from uncovered entities, stolen medical information is also believed to be purchased by drug manufacturers and pharmacies that use it to better target their consumers.
At least 78 breaches have occurred this year that affected five hundred or more people according to the HHS Health Information Privacy Tool. Many breaches have affected thousands and some have affected tens of thousands. The HHS site provides a list of more than 21 million people who have been victims to data breaches to date.
In case you feel that your personal data has been wrongly used, you can file a complaint with your physician or health insurer. Complaints can also be filed with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights or your State Attorneys General Office. You can file a complaint with the Federal Trade Commission if you feel that any online company that is not covered by HIPAA is guilty of sharing your health information against their declared privacy policy.
