Data breaches and cyber attacks have been increasing recently. Although many consumers believe HIPAA keeps their medical information from falling into the wrong hands, hospitals, doctors’ offices, and other medical providers can still fall victim to cybercrime. Without adequate security protection in place, these providers can leave millions of patients’ information at risk of being compromised. Here’s what you can do to protect yourself as a consumer.
Why Should You Be Concerned About Keeping Your Health Information Private?
● According to Healthcare IT News, “A report says [Facebook’s] handling of personal health information put its users’ health at risk.”
● “More than 32 million patient records were breached between January and June 2019. That’s more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus,” reports Engadget.
Which Companies Can Access Your Medical Data?
● American Patient Rights Association: “Over 4 million businesses, many outside the healthcare industry,” can obtain “access to your health records.”
● Verywell Health: “In the United States, most people believe that Health Insurance Portability and Accountability Act (HIPAA) laws keep our medical records private, shared only amongst our doctors, ourselves, and maybe a loved one or caregiver. But those who believe that may be surprised to learn that others have access to their records and don’t need anyone’s consent to do so.”
● HIPAA Journal: “While federal rules are now being largely adhered to by healthcare providers, health plans, healthcare clearinghouses and BAs, medical records are perhaps not quite as private as many Americans believe. Data sharing is strictly controlled, but HIPAA Rules on data sharing also allow health information to be shared with other entities … For instance, HIPAA Rules allow Protected Health Information to be shared with the government and law enforcement agencies.”
What Protections Should Healthcare Providers Enact to Protect Patient Data?
● “The HITRUST CSF enables organizations of any size—from small supplier businesses to large organizations—to address the challenge of complying with the multitude of federal, state and industry regulations, standards and frameworks pertaining to information security—both on-premises and in the cloud.”
● HITRUST “takes HIPAA, a non-standardized and non-prescriptive compliance framework, and creates a standardized compliance framework, assessment, and certification process for the healthcare industry. In the process it ‘harmonizes’ HIPAA with other compliance frameworks such as PCI and NIST,” reports Datica.
What If Your Data is Stolen?
● According to the Parallax, “Regularly monitor your accounts and information for suspicious activity — not just immediately following a breach, but also for the foreseeable future.”
● “Ask your doctors, healthcare facilities, and insurer how they share your medical information. Find out what type of information they share and with whom. If you don’t want this information shared, ask how you can opt out,” explains Pinnacle Care.
● “Under a groundbreaking law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), patients have a right to get some or all of their medical records upon request. (Psychotherapy notes can be excluded.) Hospitals, medical clinics, physician practices, pharmacies and health insurers are required to make this information available within 30 days (sometimes a 30-day extension can be granted), at a reasonable cost and in the format that patients request (for instance, paper copy, fax, electronic copy or CD), if possible.”
Many consumers assume that HIPAA compliance alone is enough to protect their private medical information from a cyber attack. However, medical providers should take additional steps to protect consumer information. For instance, you can ask your provider whether they are HITRUST-certified in addition to being HIPAA-compliant. Monitor your information, and contact the U.S. Department of Health and Human Services if you believe you’ve fallen victim to a data breach or other cybercrime.