Keeping Your Health Data Secure

You receive a statement from your insurance company after having a procedure and notice something odd – it states you have a large outstanding balance. You always pay your bills on time and never leave a balance. How could this have happened?

With health data accessible online, it allows your care to be more thorough and succinct. However, the number of people that can access your personal health information is staggering. There are dozens of individuals or organizations that can legally request your medical records for a variety of reasons.

And then there are those who access your records illegally. Although identity theft is usually associated with financial transactions, it also happens in the context of medical care. According to the Federal Trade Commission (FTC), medical identity theft occurs when someone uses another person’s name or insurance information to get medical treatment or prescription drugs.

How do you know if you are a victim of medical identity theft?

You may:

  • Get a bill for medical services you didn’t receive
  • Be contacted by a debt collector about medical debt you don’t owe
  • See medical collection notices on your credit report that you don’t recognize
  • Find erroneous listings of office visits or treatments on your explanation of benefits
  • Be told by your health plan that you reached their annual limit on benefits
  • Be denied insurance because your medical records show a condition you don’t have

Is there a law that protects my health information?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires health care providers and organizations to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc.

What can you do if you think your health information has been accessed inappropriately?

If you believe that your health information has been accessed or used inappropriately, report your concerns to your physician or administrative staff of the physician office or hospital immediately. Federal laws created to enforce the HIPAA legislation specify steps that providers and their business associates must take to investigate, report and address any unauthorized acquisition, access, use or disclosure of PHI that compromises the security or privacy of the information. Providers are required to provide all individuals affected by any such breaches with a description of the incident, including information about what steps they should take to protect themselves and what steps the care provider will take to recover the loss and avoid further breaches. The report must include contact information of an individual assigned to answer questions from individuals affected by the breach. Sources:;

Patients have rights…

Patients can file a complaint with the U.S. Department of Health and Human Services’ Office for Civil Rights (at if their rights have been violated. For example, it would be a violation if a medical provider refused to provide someone with a copy of his/her own medical record

Comments are closed.