Have you heard the story about the woman in Florida who received bill after bill from the local hospital for an amputation she didn’t have? After endless hours of wrangling over the telephone, she finally settled the situation by marching into the hospital on her own two feet and propping them up on the administrator’s desk. It turned out that she was a victim of medical identity theft — a very modern kind of crime, in which someone obtains private information about you and your health insurance coverage and uses it to get prescription drugs, treatment or even an operation.
This story illustrates my concerns about new online health tools, such as the ones from Microsoft and Google that enable you to keep virtual records of everything related to your health care, from prescription renewals to immunizations to drug allergies to medical records to test results. It sounds like an excellent idea — efficient and easy use of modern technology, and often at no charge. Some hospitals and doctors are connecting to the services as well, theoretically improving efficiency and reducing the risk of medical errors. The problem is that in a world where anyone can hack into any system, online medical records become something of a Pandora’s box. The troubles that may arise could be far worse than the problems these online health tools seem to solve. Here are some pros and cons, which you may want to consider before logging on…
Several companies are setting up Web sites that enable patients to keep their own medical records online. At the forefront are technology giants Google (Google Health) and Microsoft (Microsoft HealthVault), but individual health care providers and insurers are also developing tools. Government is getting involved too, as Medicare is testing a pilot e-prescription program. The White House is supporting an initiative to create electronic medical records for most Americans by 2014, with the goals of streamlining doctor-patient communication, saving time and eliminating waste and errors.
But whatever benefits online medical records might one day provide, right now they pose a significant threat to health information privacy, warns James C. Pyles, Esq., a principal at Powers, Pyles, Sutter & Verville PC in Washington, DC. The Health Insurance Portability and Accountability Act (HIPAA), which was supposed to protect the privacy of people’s health records, not only falls short of its original intent, it doesn’t even apply to many of the organizations that would be handling health information in a national electronic health information system. So the risk is not only that your information could get leaked or be stolen, it could be possible for some companies to legally peddle your private health data to insurers, Big Pharma or anyone else who wants to pay for it — without notice to you and against your will. The site administrators promise to adhere to voluntary security measures, but there’s no way to guarantee their compliance because patients are not notified when and how their health information is used and disclosed. This opens consumers up to the possibility that sensitive information (say, the fact that a patient has an expensive-to-treat cancer or is HIV positive) can get into the wrong hands.
Illegal hacking poses an even greater challenge, as hackers are notoriously difficult to thwart. Any and all Web sites are susceptible to technical and human errors… in fact, just since January 2005, the privacy of more than 47 million electronic health records was compromised when systems were hacked into and/or left unprotected, and there were also instances where computers storing the information were stolen.
There is virtually no way to extricate inaccurate and false information from an electronic medical record once it has been corrupted through hacking, Pyles told me. Damage to credit from unpaid bills — whether or not the bills are legitimate — is difficult to repair. Even more disturbing, inaccuracies that suddenly appear in your online medical records can lead to potentially life-threatening problems. If you’re in an accident, for example, and are unconscious when brought to the hospital, incorrect data could result in a serious problem, such as a transfusion with the wrong blood type or administration of a medicine to which you are allergic.
Another thing to fear is fear itself. Patients worried about breaches will compromise their health by withholding vital information from doctors. The Department of Health and Human Services has determined that more than two million Americans already fail to seek treatment for mental illness each year due to privacy concerns and nearly 600,000 Americans with cancer delay or fail to seek diagnosis and treatment for the same reasons. They worry that news of a stigmatizing disease could get out and damage their ability to provide for themselves and their families. This is an even greater concern now that we are in a recessionary economy, as many consumers fear they will not be able to get credit to meet mortgage payments or send their children to college.
Recent industry surveys and even a Presidential blue ribbon task force have concluded that the technology is simply not available to ensure the privacy of health information in an electronic information system. Additionally, until the industry decides on a common software platform or system, the process is far too fractured to be effective. It won’t work to have pockets of people on assorted systems — both health care providers and consumers need to be accessing the same database(s) in order to realize the benefits of efficiency. Still, many people are opting in for online medical records as a way to keep their information more organized. If that’s your choice, go about it as safely as possible, as you do to avoid identity theft in general. Suggestions include…
Any and all of these measures will help protect you from online medical identity theft, but it’s not a risk you can stop thinking about… better safe than sorry.
Privacy Rights Clearinghouse, www.privacyrights.org