Most patients believe that their medical records are private—after all, there are laws in place that require healthcare providers to keep these records under wraps, right? Well, yes, but the truth is that your medical records are a lot more accessible and at risk of exposure than you might believe.
The Definition of “Medical Records”
The term “medical records” covers a wide range of information for you and your family, including:
- Medical history
- Lifestyle habits, such as smoking and drinking
- Hospital and medical bills
- Insurance claims
- Prescription history
- Laboratory test results
- Prior medical procedures
- Medical appointment history
- Genetic test results
- Medical providers’ opinions and notes
- Information from health insurance applications, including Social Security numbers
Today this information is often available in several different places through large healthcare providers or systems and electronic record storage. This is beneficial to the patient because it helps a variety of legitimate care providers gain access to information quickly, but it can also be dangerous because it opens the records up to exposure, theft, and unauthorized access.
Privacy Protections Currently in Place
Whether you see a concierge physician or you have a more traditional care provider, there is a national standard for handling medical records called the Health Insurance Portability and Accountability Act (HIPAA, pronounced “hip-uh”). It regulates how everyone from concierge doctors and healthcare providers to health insurance plans and health clearinghouses stores and shares information.
HIPAA requires that healthcare providers describe to individuals their privacy policies and how records are handled. The person must sign a notice that they have seen and understand the information. Most consent forms include a statement saying that once you sign the document, your medical records can be shared for “routine” reasons without requiring your consent or notification. This very broad statement makes it easier for providers to share information.
There are benefits to being able to quickly share information, particularly when you are admitted in an emergency situation or require care when you are traveling and are a significant distance from home, and HIPAA was intended to help facilitate this sharing while still maintaining some privacy.
The Dangers Your Medical Records Face
There are many ways that medical records can be breached today. Some of the most common include:
- Unauthorized access by employees of hospital systems or healthcare providers
- Stolen or lost computerized patient records from unsecured online systems or on laptops, smartphones, or tablets
- Data breaches from computer hackers
- Mishandling or illegal use of data by employees who have legitimate access
- Authorized access by employees of the Federal Bureau of Investigation for any investigation intended to protect against terrorism (under the Patriot Act)
Since HIPAA was implemented in 2003, the Department of Health and Human Services has reported about 35,000 cases of privacy breaches. About 200 criminal cases have also been filed by the Department of Justice under the statute that includes HIPAA, but it is not immediately clear how many of these actually involve HIPAA violations.
Protecting Your Medical Records
There are some things that you can do as an individual to ensure better protection of your personal records. Privacy Rights Clearinghouse offers these recommendations:
- Adjust HIPAA releases by removing the “boilerplate” language that allows broad access and writing in more specific language about how your records can be shared.
- Talk to your concierge doctor or other providers about how and what medical records will be shared.
- Request that only necessary photocopies of your records be made.
- Be aware of all the places where you fill out health information (online and in person) or get free health screenings, and minimize what you share that could be distributed.
Finally, to protect yourself, it’s always a good idea to be aware of what medical records are out there and keep an eye on how they are shared, stored, and used by all your providers. Carefully read through agreements that you sign at your doctor’s office, understand the privacy and sharing policies for health websites and online forums, and know your rights as a healthcare consumer. You can also talk to your concierge doctor about any additional concerns you might have to ensure your privacy.