When it comes to the privacy of medical records, many assume HIPAA protects them. I found there are numerous ways your information can be made public and not all of it is illegal.
Caren Dacumos learned her medical information can be seen by anyone just because of a financial dispute with her doctor.
“It’s really devastating when they told me oh, people can just open up your case and look up your information online, what you’ve been seen for, your diagnosis,” said Dacumos.
Dacumos’ specific diagnosis was disclosed here in court filings.
“When they open the case they’ll see all my information there, probably they can even steal my identity, they can look up what I was seen for which is ridiculous,” explained Dacumos.
According to Dr. Deborah Peel, founder of Patient Privacy Rights, court documents are just one of the places where your information can be easily found.
“All of the people who hold your records, now control when they’re used and when they’re sold. We don’t even have a chain of custody. We don’t even know how many places it goes and who’s sold it and who’s used it,” explained Dr. Peel.
Dr. Peel said as patients we often sign our privacy rights away just to get treated. Even your prescriptions are a lucrative business.
“All 55,000 pharmacies in the United States sell our prescription records every night,” said Dr. Peel.
Dr. Peel said this all began with HIPAA, the law that’s supposed to keep our medical information private.
One year after it became law, special interests got involved and watered down the rules.
Washington is one of 33 states that sell patient information, and for $50 per year you will get info that includes age, sex, diagnosis and procedure codes. Christopher Burgess, a computer security expert, said that makes a hacker’s work easy.
“If it can be stolen and married up with protected identifying information or personal information, it can be married together to create what criminals call fulls and it can be sold for approximately $1,000,” said Burgess.
According to Harvard, a single trip to your doctor could mean 18 different groups, from billing to medical coding businesses to information clearinghouses, accessing your information. Any of these groups can be hacked, and even a careless act can jeopardize your information.
“A urologist had his laptop stolen out of his vehicle and he had over 2,900 patient records on his laptop. They include their medical information, their personal identifying information and it was unencrypted,” said Burgess.
Here are a couple of things you can do. Go to Patient Privacy Rights and check out its resource documents. There’s an opt-out for the American Medical Association database, because it sells information, and a complaint form if you believe your HIPAA rights have been violated.
“I just want it to be an eye-opener to everyone out there,” said Dacumos. “They should not post online your diagnosis or your phone numbers, where you live. They can phish for your identity there.”
Now, Washington state law does not allow you to “opt out” of the sale or sharing of your medical records.
So ask your doctors how they use your data and be diligent with the security of your personal information.
As for Caren’s case, she went through all of this and her case was dismissed with prejudice, so they can’t come after her again. But she’s still dealing with her personal information being made public.