Medical Privacy: How to Keep Your Medical Information Safer

Medical privacy made front page news several times in 2015 and 2016 as hackers gained access to more than 112 million medical records from health insurers, hospitals, state health departments, a medical software company, and more. But the issue of medical privacy goes beyond information compromised in hacks. Medical records have also been inappropriately accessed and shared, in some cases on social media sites, by employees at hospitals and physicians’ offices. Health apps and websites can also put your medical privacy at risk, with some sharing information with advertisers.

Why it’s important to guard your medical privacy

Information about the conditions you face and treatments you undergo is personal and sensitive, so you don’t want details about your health shared without your permission.

There are, however, other ways that your medical information can be used that can cause serious problems:

• Medical identity theft: Medical records contain a wide range of information, including your name, address, phone number, Social Security number, emergency contact information, and more. In the hands of identity thieves, this information can be used to open bank, credit card, and loan accounts or to get identity documents such as passports and driver’s licenses. In some cases, thieves have used stolen identities to get access to controlled substances, which led to the identity theft victims being investigated for the crime.
• Incorrect information in your medical record: If someone else uses your identity to receive medical care, the information in your medical record can become corrupted and include inaccurate information that could lead to misdiagnosis or inappropriate treatment. Approximately 20% of the victims of medical identity theft surveyed said they received a wrong diagnosis or that care was delayed because of confusion about the information in their compromised medical records, according to the Medical Identity Fraud Alliance, a group of healthcare organizations and businesses working on more effective ways to safeguard medical information.

 How to protect your medical privacy

Take these proactive steps to keep your medical information safer:

• Occasionally review your electronic medical record. Check the record for errors or new diagnoses or treatments that you did not receive. Alert your doctors and other healthcare providers to the error and request that they correct your records.
• Carefully review all medical bills and explanation of benefits (EOB) forms from your insurer. If you receive a bill or EOB for care you did not receive, contact the doctor, hospital, and your insurer immediately. In addition to calling to report the incorrect claim, it’s also wise to write a letter that outlines the error and requests that the information be corrected. Request a corrected copy of your medical record for your review and follow-up from the insurer about how the error will be handled.
• Check your credit report every year. Look for unpaid medical debts for care you didn’t receive. If there are inaccurate charges, report them in writing to all three credit bureaus.
• Keep your insurance card safe. The information on this card can be as valuable as your Social Security or credit card to a medical identity thief, so keep the card in a safe place. If the card is lost or stolen, notify your insurer immediately.
• Ask your doctors, healthcare facilities, and insurer how they share your medical information. Find out what type of information they share and with whom. If you don’t want this information shared, ask how you can opt out.
• Know how the information you share with apps and websites is used. Medical information you share with apps and websites is not protected under HIPAA. Carefully read the privacy policy before using any electronic health and wellness tools. It’s also wise to refrain from posting personal information in online support groups or on social media.
• Actively select the ways that your healthcare providers may share private information with you. You may or may not prefer text, email, fax, or voicemail. Make sure that you make your preferences clear. Remember that unencrypted email is not secure.
• Keep your electronic and paper medical records secure. For any information that you store on your computer, phone, or online, use strong passwords and change them every 90 days. Install and activate remote wiping capabilities so that you can wipe your phone, tablet, or computer if they’re lost or stolen. Use security software and keep it up to date. Avoid using public Wi-Fi networks. When throwing out bills, EOBs, medical records, and other medical information, shred the paper first.