Can Your Medical Records Lead to Identity Theft?

Our medical records are created and stored on our health care providers’ Electronic Medical Records (EMR), or Electronic Health Records (EHR) systems.  These systems allow our providers to share up-to-date information about our health conditions, treatments, testing, as well as prescriptions. If your providers use EHRs, they are able to join a network that “securely” shares your medical records with each other.

When congress passed the Health Insurance Portability and Accountability Act, known as HIPAA, in 1996, its’ purpose was to offer protection for medical records. This law was to give patients control over their health information and to set limits on both the use and release of their medical records, and to establish privacy standards for health care providers. If violated, penalties would be imposed to those who did not follow security standards.

HIPAA grants patients the right to view their records within 30 days of request and gives them the right to know how their records are being used. It also requires providers to obtain permission before disclosing the patient’s personal health information to third parties. Exemptions to HIPAA laws include life insurers, employers, and school districts.

EMR/EHR systems were meant to improve the quality of medical care, reduce costs, and most of all, were expected to provide increased security, as opposed to traditional paper records used before.  The advantage over paper records is that the computerized system records everyone who accesses the patient’s information, which can be tracked back to that individual.

The problem is that the rush to get everyone’s medical records into this national database electronically, did not safeguard against privacy problems. According to the government’s recent reports, patient’s sensitive and private information is NOT safe from hackers. These hackers make a living from selling our private information to create false identities, false Medicare, and Medicaid claims, as well as credit card scams.

From September 2009 to October 2011, 19 million people were victims of hacked networks, stolen laptops, lack of encryption, and improper disposal, according to the Health and Human Services Office for Civil Rights. The California health insurer, Health Net, lost 1.9 million records of their members last year.  In 2010, the digital records of 1.7 million New York City Health and Hospitals Corp. patients were stolen from an unlocked van.

What is unbelievable is that none of these incidents faced fines, however, some signed “resolution agreements” with the Office for Civil Rights requiring them to fix their systems. That is equivalent to a slap on the wrist. Since the passage of HIPAA, the Office of Civil Rights has levied only $9.5 million in related fines, none of which went to the affected citizens.

Parts of Obamacare state that all medical records will turn digital by 2014, according to a provision in his economic stimulus package. This would allow physicians to store patient data. Hospitals and doctors offices will be able to access our complete medical history, making it easier to connect fragmented medical records. It would not only cut costs for doctors and patients, but could aid in the prevention of life-threatening medical errors such as allergies, contra-indications in medications, duplication of lab tests, and scans.

On the other hand, your medical records are a documentation of your individual health history. Every illness, symptom, prescription drug use, and treatment you have experienced is recorded. Your family health history, allergies, innoculations, and sicknesses will be part of this file, as well as your occupation, social security number, address, checking or credit card information used to pay, and other personal information.  Much of this information has nothing to do with your medical history.

Many individuals have access to your information, including personnel in doctor’s offices, hospital employees, and other health care facilities. It should not be a requirement to provide your social security number to anyone in these offices, since you have no guarantee that person can be trusted.

Tests done via an audit at many large hospitals confirmed that security was vulnerable, which may result in costly losses. Incentive programs are being offered to entice hospitals and doctors offices to switch to the electronic medical records. These incentives can cost close to $27 billion in the next ten years. Those failing to update their systems will face cuts in their Medicare reimbursement payments.

It is true that going to the doctor may be good for your health, however, it may cause you to lose your identity and financial security.

Feel free to comment on this blogpost. Follow us on Twitter, and become a fan of our Facebook page. You may also contact one of our attorneys at 1-800-246-HURT (4878), or stop by our website for more information.

Related Posts