Every day, the tools for coordinating health care are becoming more advanced. Even with pending legislation about the repeal of the Affordable Care Act, hospitals and doctors' offices are taking the next steps towards bringing patient information into the cloud. This important change will help to unify the care we all receive and make it easier for us to have accurate health records anywhere in the world. Yet there are also ethical concerns, such as the protection of patient data.
In February of 2015, Anthem announced that personal data for more than 78 million customers was leaked in a breach. This included some Electronic Health Records (EHR) for those patients. This prompted PBS to ask whether EHR hacks will become a normal part of daily life, perhaps even an epidemic.
The top EHR companies are aware of this problem and working hard to secure data. Understanding how this software works and what kinds of consumer protections are involved will be an important part of understanding health care moving forward.
In 1996, HIPAA essentially mandated the Secretary of Health and Human Services to set to work on regulations that would safeguard patient information in the coming digital age.
The regulations defined many tools to safeguard information, but two important ones define much of security today: encryption and access control. IT security thrives when permissions are in place to limit access to important files. Departments will utilize PIN codes and security passphrases to further lock down important data. In addition, encryption across the network ensures files are moved without danger of exposure to outside parties.
One other important safeguard is the audit trail, which is like a chain of custody for EHRs. An audit trail is designed to help authorities identify who last accessed medical records. Ideally, a breach would be easily detected if unauthorized access were discovered.
None of these safeguards can stop hacking on its own, but together these best practices are designed to deter hacking and make it much harder to retrieve the desired information.
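The access control and audit trail safeguards described above can be checked against each other. The following is an added example, not code from any EHR product: the log format, user names, record IDs and the `CARE_TEAM` permission table are all constructed assumptions. It answers the two questions an audit trail is meant to answer: who last accessed a record, and which accesses came from someone without permission.

```python
from datetime import datetime

# Constructed permission table (access control): who may open which record.
CARE_TEAM = {
    "patient-1001": {"dr_lee", "nurse_kim"},
    "patient-1002": {"dr_patel"},
}

# Constructed audit-trail lines: timestamp, user, action, record.
AUDIT_LOG = """\
2024-03-03T09:12:44 dr_lee READ patient-1001
2024-03-03T09:40:10 nurse_kim UPDATE patient-1001
2024-03-03T23:58:02 billing_tmp READ patient-1001
2024-03-04T08:01:30 dr_patel READ patient-1002
2024-03-04T08:05:00 dr_lee READ patient-1002
"""

def parse_audit_log(text):
    """Turn each non-empty log line into a dict with a real timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, record = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "action": action, "record": record})
    return events

def last_access(events, record):
    """Return the most recent event for a record, or None if never accessed."""
    hits = [e for e in events if e["record"] == record]
    return max(hits, key=lambda e: e["time"]) if hits else None

def unauthorized_accesses(events, care_team):
    """Return events where the user is not on the record's permitted list."""
    return [e for e in events
            if e["user"] not in care_team.get(e["record"], set())]

if __name__ == "__main__":
    events = parse_audit_log(AUDIT_LOG)
    last = last_access(events, "patient-1001")
    print("last access to patient-1001:", last["user"], last["time"])
    for e in unauthorized_accesses(events, CARE_TEAM):
        print("unauthorized:", e["time"], e["user"], e["action"], e["record"])
```

A user who is valid for one record (`dr_lee`) is still flagged when opening a record outside their assignment, which is the case a simple "is this a known employee" check would miss.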
Your Rights Under HIPAA
HIPAA outlines how you can access and use your own health records, and identifies a methodology to file complaints when you feel this information has been misused. This is an important tool in fighting back against hackers.
Companies bear the bulk of the responsibility for defending against hacking and its potential dangers. HIPAA’s rules help safeguard against complacency with built-in enforcement. If you file a complaint, it leads to investigation and enforcement if an infraction occurred.
You often sign a privacy notice when you attend a doctor’s office or are admitted to a hospital. These important forms outline specific rights under HIPAA, and it’s important that you read them thoroughly before you sign to understand how your information is shared and protected.
HIPAA tries to protect patients with important safeguards that are put in place to reduce the odds of a hack taking place, but it can’t provide absolute defense. What the act can do is provide mechanisms to file grievances, and to keep yourself informed. If a major hack does occur, HIPAA provisions dictate hospitals and medical companies usually have to inform the patient of what information was leaked.
Your health records are private, personal documents that are between you and your doctor. If these documents are leaked in a breach, you do have rights to seek recourse and defend yourself from potential harm.