A Violation of Trust and Privacy: Medical Records Easily Breached
A person's personal medical records used to be considered private and secure. In the Internet age, millions of Americans are finding out that the intimate details of their medical records are too often available for public consumption.
The New York Times reports that the Obama administration is busy writing new medical privacy rules after members of Congress and consumer watchdog groups sharply criticized what they say are inadequate privacy protections offered by current regulations.
On the other side of the issue are insurance companies and hospitals that generally support the current rules; under the rules those institutions have wide latitude in matters of patient notification and information disclosure.
Internet Makes Breaches Easier
Privacy rules specify when physicians, hospitals and insurance companies must inform patients about improper disclosure or use of their medical records. These breaches of privacy are becoming more frequent with ever-increasing use of health technology, and the Internet and its social media sites.
A consumer advocacy group, the Privacy Rights Clearinghouse, estimates that more than five million Americans have had their medical information breached in the past year and a half.
Breaches can occur in a variety of circumstances:
- When laptop computers are stolen or lost
- When paper medical records are misplaced
- When medical data is posted on Web sites
- When curious hospital employees snoop in medical records of acquaintances, government figures and celebrities
Earlier this year, the Department of Health and Human Services submitted new privacy regulations; rules quickly shot down as too trusting of health care givers and insurers.
Doctors, hospitals and insurers would have, under the proposed rules, only have had to notify a patient of a breach of privacy if they determined the violation posed "a significant risk of financial, reputational or other harm to the individual."
No notification was required if the insurer or health care provider decided no harm had been done.
Civil liberties groups such as the Center for Democracy and Technology were adamantly opposed to the proposal. "Harm is in the eye of the beholder," Deven McGraw, director of the group's Health Privacy Project, told the New York Times. "How does a hospital or an insurance company know whether an improper disclosure will harm an employee's chances for promotion or endanger a victim of domestic abuse?"
Private Data Made Public
Clearly, patients can be harmed by improper disclosure of their private medical records. Earlier this year, Blue Cross Blue Shield notified a million people that their privacy could be compromised by the theft of computer hard drives from a call center. The computers included Social Security numbers and diagnostic information about some Blue Cross Blue Shield consumers.
In Colorado, information was taken from a state computer containing information on prenatal care, and treatment for breast and cervical cancer for over 100,000 women.
While the federal government rewrites privacy rules, breaches continue across the country; violations of confidential records that can damage patients who trusted their health care providers to keep crucial information safe and secure.
People harmed by breaches of private medical records can seek compensation for damages by contacting an Ohio medical malpractice attorney who can help to protect their rights and privacy.
