Our health, meaning our physical and mental well-being, is perhaps the most personal matter we deal with in our lifetimes. Because it is so personal, we have high expectations that any information about our health will remain a private matter, shared only with those who we choose to share it with, including our doctors and partners, but few others.
Further, our health intersects tightly with other very important matters in our lives that bring with them privacy expectations, too. Our health affects our money and finances, for which we expect privacy. Our health intersects with our loved ones and caregiving, whether we are caring for them, or they are caring for us. And our health intersects very tightly with our physical bodies, for which we expect privacy, too.
And yet, every day our personal privacy is being violated in ways we don't expect. From giving our medical records to people we don't believe should have them, to questions about our credit and how it relates to healthcare, to hospital gowns that are open in the back and can't be secured - healthcare privacy violations are the norm, not the exception.
As smart patients, we need to be aware of the many ways in which our relationship to our health and care is violated by the system so that when possible, we can protect ourselves. Here are some of those violations with links to expanded information to help you better understand:
HIPAA Privacy and Security
HIPAA, the Health Insurance Portability Accountability Act was passed by the US Congress in 1996 and was intended to protect patients' medical records. It came along at a time when electronic sharing of information was becoming more prevalent, and was intended to address fears that our very private health information could be delivered accidently to the wrong people by fax or through the Internet.
With its passage, we felt protected. But perhaps we should not have.
As it turns out, there are many assumptions we have about the security and privacy we think HIPAA offers that may not be true.
In fact, there are dozens of organizations and individuals who have access - easy access - to our not-so-private health records. Most patients are appalled when they learn just who can get personal health information about them.
Electronic Medical Records (EHRs and PHRs)
Of course, HIPAA laws were developed to put sharing constraints on electronic transmission of records, meaning, the record had to be electronic to begin with. At the time, some doctors and hospitals were beginning to keep patient records on the computer (especially financial business which they were then transmitting to insurers and Medicare or Medicaid for reimbursements). Records were probably more likely to be faxed to another doctor than they were to be sent by email. In 1996, there just weren't very many people people using email yet.
But today, EHRs (sometimes called EMRs) are being used across the country, and across the world. So far, most of these systems are "closed" - meaning - they don't talk to each other yet. But there are big money government incentives for building and implementing electronic records sharing programs so that, within the next decade, Americans will be able to visit a doctor while on vacation, and have that doctor pull up their records from home.
But of course, all that electronic information is so easily stolen. Called "medical identity theft," tens of thousands of medical records are stolen each year by thieves intending to sell insurance numbers and records to someone who can't afford insurance but needs medical care. When records are stolen, then sold to someone else, it becomes not just a violation of privacy, but a danger to our personal health, too.
Money, Credit and Finances
There are so many ways the intersection of healthcare with our money, credit and finances is vulnerable to privacy violations. From using credit to make decisions about hospital care, to the ways health insurers can obtain information about us, then use it to figure out what to charge us for premiums; the truth is, there is no such thing as privacy as it relates to healthcare and money.
As smart patients we know that there are many ways money affects the healthcare we get. In addition, we should make ourselves aware of the many ways credit and scoring systems may have a negative effect our abilities to get the healthcare we deserve.
Our Habits
Perhaps the most "Big Brother" of all the privacy violations we experience is all the information that is being collected about us that is being used to draw conclusions about us that may, or may not, be true. Not all of these activities are being applied to healthcare yet, but the leap to healthcare application would not be a big one.
FICO, the credit scoring company, and IntelliScript and MedPoint, two companies that collect information about the drugs we are prescribed, are helping insurance companies decide whether they want to insure us.
Loyalty reward cards, those plastic swipe cards issued by supermarkets and pharmacies, collect information on the food we buy, and prescription or over-the-counter drugs we purchase. These loyalty cards can divulge information that is considered good or bad (organic vegetables? sugary treats? or alcohol?). We have to wonder how long it will be before that information becomes a part of the decision-making process insurance companies use to determine our premiums or providers use to treat us.
Similarly to loyalty reward cards, credit cards track what we're doing and can make assessments on us that may be positive or negative, but are no less personal. Credit cards can track risky choices -- or maybe even healthy ones, like how much we travel and how we travel (did we fill up the gas tank or buy a plane ticket?), how often we eat out and what kinds of restaurants we choose, what products we purchase (parasailing equipment? or new running shoes?), or what services we need (a massage therapist? or motorcycle repair?).
Modesty
Most of us have issues with modesty which result from our upbringing, negative life experiences, and religion. For some of us, the fact that exam gowns are too small means we are slightly embarrassed.
But some individuals, both men and women, are far more modest than others, and feel that violations of their need and desire to keep private body parts covered are a major barrier to their ability to get the healthcare they deserve.
For those who do have modesty issues, it's not about a too-small gown. It's about a true dread, immense embarrassment, and therefore a total avoidance of accessing medical care because few providers consider modesty in their approach to the care they provide.
................................................
If you conclude from these examples that the healthcare system doesn't really provide patients with the privacy most think they have, then you are right. And since electronic medical records, their electronic distribution, and the influence and profits credit and adherence reporting agencies enjoy are only growing, individual privacy will continue to diminish.
The one step we patients can take is to be sure our records, at least, are correct. Be sure to review your medical records on a regular basis, and correct any discrepancies you may find.
