7 Things you should do to monitor and protect your electronic medical health records: Internet Scambusters #486
We're so used to our personal data being collected and stored we could be forgiven for shrugging off the impending switch to electronic medical health records storage.
But last year alone, 18 million of those records were lost, stolen or otherwise put at risk of falling into the wrong hands.
Just like our health care, our health record privacy is in the hands of others and there's only so much we, as individuals, can do to protect it. But we can tell you 7 things you could and should be doing.
Let's get started...
Electronic Medical Health Records Plan Sparks Data Breach Alarm
The switch from paper files to electronic medical health records is gathering pace as the nation moves towards the 2014 digital deadline set by President Obama.
By the end of that year, everyone who maintains such records, from health insurers to your physician and dentist, is supposed to have made the switch.
If they don't, they could face a fine.
One of the main aims of the change to electronic medical records, or EMRs, is to speed up the transfer of information between care providers and increase accuracy, thereby ensuring treatment is both timely and appropriate.
With medical diagnosis and treatment becoming more complex than ever, this is especially important.
But, as we know, computerized data is a whole lot easier to steal than a stack of papers from a filing cabinet.
In fact, with more than half of all records already stored electronically, data breaches are occurring with alarming frequency.
In 2011, there were more than 380 breaches involving more than 18 million, yes 18 million, electronic medical health records.
This is more than double the rate of just two years earlier.
And those are just the statistics for breach incidents that individually involved more than 500 records, so the actual total is likely to be much higher.
Of course, for the most part, crooks don't steal medical records so they can find out if you've had your gall bladder removed.
As we have previously reported in Medical Identity Theft: A Scary Form of Identity Theft Few People Even Know About, they use the information for identity theft.
That involves using your personal information for anything from making purchases or taking out loans in your name to assuming your full identity to get jobs and "free" health care.
And there are all sorts of opportunities for the thieves to get their hands on your electronic medical health records.
Quoting the Los Angeles Times, the online Wikipedia encyclopedia says that about 150 individuals, ranging from health care professionals to billing clerks, are able to access records relating to a single hospital stay.
Thousands more who handle billing data can also access at least some parts of your EMR.
The information is extremely valuable. For example, according to one estimate, a stolen electronic medical health record sells for $50, compared with just a dollar or two for a credit card or Social Security number.
So, it's not surprising that the general public is increasingly concerned about the risks of their EMRs (or EHRs -- electronic health records) falling into the wrong hands.
A survey by the polling company Harris established that 80% of Americans are worried about the switch to electronic medical records.
Another study revealed that less than 60% of health care providers and only about 40% of insurers had trained employees on EMR privacy.
That's not to say nothing is being done to safeguard electronic medial health records.
Security and access are governed by two laws:
* The Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996 and covers paper records and, by extension, EMRs.
* A provision called the Health Information Technology for Economic and Clinical Health (HITECH), which covers the current drive to switch to EMRs.
Together, these two regulations are aimed at ensuring individuals have access to their own electronic medical record and lay down rules for safeguarding privacy.
What can you do to protect your records?
Sadly, the answer is: not a lot. But that shouldn't stop you from being vigilant to the possibility of theft of your EMR and taking swift action to prevent the impact of a subsequent identity theft.
Here are seven things you could and should do:
1. Check the status of your records with your insurer and health care providers. Ask if they're stored electronically.
2. Check whether staff have been trained to safeguard EMR privacy and, if not, what they propose to do about it.
3. Ask if they have suffered a data breach and, regardless, what their policy is for notifying patients.
4. Check your electronic record once a year. Although not yet enshrined in law, the Office of Civil Rights (OCR - part of the Department of Health and Human Services) has proposed a rule that would allow one free request per year starting 2013.
5. Bookmark and monitor OCR's list of breaches. The law requires that these are reported and the searchable list is regularly updated.
6. If you think your privacy rights have been violated or are concerned about the way your EMR is being handled, you can file a complaint with OCR.
7. If you find you are the victim of a data breach and/or identity theft, check out these earlier Scambusters reports on what to do:
What to Do If You're a Data Breach Victim
Identity Theft Information Center
Incidentally, the OCR site referred to above is an extremely valuable resource for learning more about what the law does to protect your health records.
In particular, you can download or read online the specifics of the two key elements of HIPAA -- the so-called Privacy Rule and the Security Rule.
In the age of electronic medical health records you'll need to play your part to ensure your interests and privacy are safeguarded.
Time to conclude for today -- have a great week!