If you’ve kept up with the news, you’re already well aware of the recent data breaches that targeted consumers through companies like Anthem. In what might come as a surprise to many consumers, health information isn’t always kept safe or private. In fact, some hospitals even share your medical data with big tech giants like Amazon, Google, Facebook, and Instagram.
As cyber threats increase, consumers must be proactive and take action to keep their personal health information private, both to protect their medical privacy and to ward off identity theft. Here’s a quick rundown of what you should know as a conscious consumer.
Why You Should Care About Medical Data Breaches
- According to CBS, the Department of Health and Human Services reported hundreds of “medical data breaches” and “some of that information winds up for sale on the internet’s dark web.”
- Health IT Security says that “many [data breaches] went on for extended periods of time, while others failed to report within the HIPAA-mandated 60 days. Third-party vendors and phishing attacks were behind most of these security incidents.”
How to Find Out Which Companies Can Access Your Medical Data
- Approximately 4 million businesses can already access your health information, according to the American Patient Rights Association. This includes companies outside of the medical field, such as financial institutions, employers, marketing companies, and data miners. Adding to the problem, some health websites and apps collect data about your health and medical history.
- The Wall Street Journal reveals that “hospitals have granted Microsoft Corp., International Business Machines Corp. and Amazon.com Inc. the ability to access identifiable patient information under deals to crunch millions of health records, the latest examples of hospitals’ growing influence in the data economy.”
- According to HIPAA Journal, “healthcare providers, health plans, healthcare clearinghouses and BAs, medical records are perhaps not quite as private as many Americans believe. Data sharing is strictly controlled, but HIPAA Rules on data sharing also allow health information to be shared with other entities … For instance, HIPAA Rules allow Protected Health Information to be shared with the government and law enforcement agencies.”
How to Control Who Accesses Your Health Information
- “It can be tricky for people to know what to expect of any software or services they use today. The technology that powers our lives is complex and people don’t have the time to dig into the details,” says Mozilla, the company that makes the Firefox web browser. Unlike Google’s Chrome or Apple’s Safari, Firefox “doesn’t collect [data] (unless you ask us to).”
- “If someone has stolen your information,” The Parallax says, “you’re probably not going to find out about an issue until something happens, or it trickles back, potentially years later.” That’s why Mirick O’Connell, attorney and chairman, Health Law Group, advises consumers to “regularly monitor your accounts and information for suspicious activity — not just immediately following a breach, but also for the foreseeable future.”
- Pinnacle Care recommends asking “your doctors, healthcare facilities, and insurer how they share your medical information. Find out what type of information they share and with whom. If you don’t want this information shared, ask how you can opt out.”
How Providers Can Protect Your Medical Data
- To “eliminate the guesswork,” try to find HITRUST-certified companies. According to Medium, HITRUST certification means a company complies “with one of the highest standards in cybersecurity … HITRUST was developed by healthcare and IT professionals with a vested interested (sic) in maintaining the highest levels of healthcare information security.”
- Datica.com also notes that “HITRUST ‘harmonizes’ HIPAA with other compliance frameworks such as PCI and NIST. HITRUST also adapts requirements for certification to the risks of an organization based on organizational, system, and regulatory factors.”
Most people assume that if a medical provider claims to be HIPAA-compliant, the provider is keeping patients’ data safe. Unfortunately, as recent healthcare data breaches have repeatedly shown, HIPAA compliance alone can fall short of preventing medical information from falling into the wrong hands. By educating yourself on the differences between HIPAA and HITRUST, using VPNs and safe browsers, and asking providers and hospitals the right questions, you can take steps to protect your information.
Ford Business Machines is available to assist with these or any other cybersecurity threats by calling 800.633.3673.
Article written by Julia Merrill | Photo courtesy of Pexels