Today’s smartwatches and apps allow us to measure our workouts, provide health metrics, and give us instant notifications and real-time updates to stay on task. However, while utilizing a smartwatch has many benefits, it also comes with a cost.
Electronic Health Records have improved communication, efficiency, and patient care in the healthcare industry, but storing and sharing medical records electronically exposes patients to data breaches, which grow more common every year. In the process, millions of patients’ most personal information could be exposed without their consent.
Does this sound worrisome? Here’s what you need to know, courtesy of This Week in Digital Health.
Are Hackers Stealing Your Medical Data?
Medical Data Breaches and Ransomware Attacks Multiplying Rapidly
- “HIPAA healthcare data breaches facts for January to May of 2019 documented an average of 37.2 incidents per month. A total of 186 breaches were reported to the Department of Health and Human Services Office for Civil Rights, which is already more than half of the recorded incidents from the previous year,” Leftronic reports. Read more.
- As researcher James Scott explains to Data Breach Today, that information “will look like basic short-form ID theft material, but eventually the electronic health record will surface as a ‘fullz’ – the slang term on the deep web [for] a complete long-form document [containing] all the intricacies of a person’s health history, preferred pharmacy, literally everything.” Read more.
Which Companies Have Access to My Personal Health Information?
- HIPAA Journal states, “While federal rules are now being largely adhered to by healthcare providers, health plans, healthcare clearinghouses, and BAs, medical records are perhaps not quite as private as many Americans believe. Data sharing is strictly controlled, but HIPAA Rules on data sharing also allow health information to be shared with other entities … For instance, HIPAA Rules allow Protected Health Information to be shared with the government and law enforcement agencies.” Read More.
- According to the American Patient Rights Association, approximately 4 million businesses, many of which operate outside the healthcare industry, can access your health records, including employers, banks, financial institutions, marketers, and data miners, to name a few. Additionally, many health-related websites collect information about your medical history. Read more.
- Even Google is accessing personal health information: “Google likely aims to mine Ascension’s data and discover new markers of health it can apply outside the health care system—across its full suite of products—to infer consumers’ medical conditions,” according to Slate. Read more.
What Can I Do to Protect Myself? What Can I Do if My Medical Records Are Stolen?
- com explains, “The Federal Trade Commission warns consumers to look out for bills for medical services you didn’t receive, calls from collectors about medical debt, or notices from your health plan about reaching your benefit limit. Carefully check statements and read through ‘explanation of benefits’ mailings to ensure they match up with the time, place, and services you received.” Read more.
- The Parallax: “If someone has stolen your information, you’re probably not going to find out about an issue until something happens, or it trickles back, potentially years later … important to regularly monitor your accounts and information for suspicious activity — not just immediately following a breach, but also for the foreseeable future,” said Mirick O’Connell, attorney, and chairman of The Health Law Group. Read more.
What Medical Practices Are Doing to Protect Patient Health Information
- Having a plan for electronic protected health information (ePHI) is necessary for any medical practice. However, maintaining situational awareness of ePHI requires ready-made tools for solving healthcare challenges. These tools are must-haves for healthcare CIOs and CISOs.
- Healthcare Dive asserts that “when it comes to the healthcare industry, the exchange of patient health information for care delivery is sacrosanct. And technologies used must be designed to comply with financial, security, and privacy regulations, including HIPAA and GLBA. … The HITRUST CSF certification is now considered the ‘gold standard’ for a compliance framework in the healthcare information industry. It is the US healthcare system’s most comprehensive and widely applied security framework.” Read more.
For consumers, it can seem like there’s a new data security concern every day. However, while patients need to take steps to secure their medical records where possible, the real onus is on medical providers and third parties with whom they share patient data. Only by securing health data at the source can patient data — and privacy — be kept safe from malicious actors.