Is Your Health Data Really Private?

When a patient goes to the doctor, they expect their records to be kept private and to be used only as necessary. But as health data goes digital at an increasing pace, many patients are concerned that their information isn’t as secure as it should be. How private is your health data really?

In our digital age, a growing number of hospitals, clinics, and physicians’ offices are moving patient information to cloud-based servers. In theory, the practice allows providers to more easily see and share patient information, creating a seamless and more efficient patient experience. However, that isn’t always the case.

If you’re concerned about your health data privacy, you're not alone. A recent survey found that the majority of patients are skeptical of health IT, especially in terms of privacy. Much of this is due to recent reports of data hacking and the threat of anything from financial information to ACLS certification being made public.

Under HIPAA, only certain medical professionals and insurance agents can access a patient’s medical records and patients can set who can access their private information. Data covered under HIPAA includes anything from a patient’s medical records, billing information, insurance details, and communication between the patient and the provider. However, in order for HIPAA to be effective, the safeguards and processes for protecting patient information must be put into place by the provider. As more hospitals and clinics attempt to streamline processes by going digital and moving information to the cloud, the process of controlling a patient’s information gets more difficult, and more cracks can appear that can put private information at risk. In fact, developers of healthcare apps, mobile devices, and tracking sites don’t have to abide by HIPAA rules, meaning that the areas where digital information is most likely to be exposed is already open to hackers and other people.

At the top of the list of concerns is that pharmacy prescriptions, mental health notes, and chronic condition data is being shared with employers, retailers, or the government without the patient’s knowledge.

Often, the more you interact with your health records, the more at risk your information is to be shared. For example, transferring prescriptions or starting a new treatment may bring your data to the surface. In those cases, only the basic personal information is typically made available to pharmacies and health research organizations. However, if you apply for life, disability, or long-term care insurance, your information is more likely to be shared with other insurance companies. This spread is very difficult to control, but you can get a copy of your personal information that was shared.

What can be done to better secure health data and to rebuild patients’ trust with health IT? For many people it comes down to not only more secure systems, but also healthcare professionals and administrators better understanding the systems. Most people find the technology trustworthy—their main concern is with how providers are using it. Many patients report not feeling like their physician is proficient in health IT technology, but in many cases they still use the new system, even without a basic understanding of how it works. With handling such sensitive information, it is vital that everyone along the way understands how to keep the data safe and secure. The issue could be that medical staffs simply aren’t being trained well enough, and some employees may need to get some medical transcriptionist training to better learn how to handle sensitive data.

As healthcare providers and developers work to find new digital systems that keep information readily available to the right parties, patients can take their security into their own hands. Removing or redacting information from health clinics after you are done being a patient there can, in theory, remove some of your digital healthcare footprint. Other steps can be done to protect your privacy outside the cloud, including shredding medical documents and blacking out personal information from prescription bottles before throwing them away.

Healthcare IT has the potential to transform the industry, but there is still plenty of work to be done before patients and providers are satisfied and personal information is kept secure.