Personal information seems less personal these days, now that we do just about everything online. Previous generations safeguarded their social security numbers and credit card info as if their lives depended on it, but today many internet users enter this data without a second thought when applying for credit cards or shopping for a car loan.
Some websites may seem fishy and stop us from sharing our information. When that’s not the case, it’s increasingly likely that our personal details are handed over to other companies.
Americans tend to share their most personal information beyond the consumer front, as well. Visits to the doctor’s office and phone calls to your health insurance company often require your data. Whether it’s your date of birth, social security number, or even the names of the prescriptions you’re currently taking, there’s not much you can do to keep these facts private.
As technology use becomes more common in the healthcare world, IT professionals are spending an increasing amount of time focusing on keeping patient data safe. After all, when we hear about how easy it was for hackers to get 40 million people’s credit card information from Target, shouldn’t we worry about what our primary care physician is doing with our info?
Changes to HIPAA: The Standard Of Safety
Sharing health data has long been on the radar of medical professionals. Every time you see a new physician, there’s a good chance that they offer information about HIPAA, the Health Insurance Portability and Accountability Act of 1996. Enacted decades ago, its goal was to ensure that healthcare professionals didn’t share patient information with just anyone—it discussed what can and cannot be shared with other medical offices, health insurance companies, and even your spouse.
Keeping patient data private while still managing to provide appropriate care is a tough line to walk. This is why you likely have to sign an acknowledgment related to HIPAA when you see a new healthcare professional. Patients do have rights under this law, and it works to offer some level of protection against your personal information being released to anyone.
The US Department of Health and Human Services has modified how HIPAA works over the years, and integrating this law with today’s electronic record keeping has created some pretty strict standards. Some of the more current guidelines include medical office computers initiating an automatic log-out once staff members finish accessing patient records, encryption standards, and reporting systems that track all hardware and software use. Despite these policies, there are still major concerns when it comes to the security of health data.
Taking Health Data to the Cloud
For a variety of reasons, medical facilities are changing the way they store your data. While the change brings some advantages to the table, there are also a host of risks.
More tech-savvy individuals may be familiar with the term “cloud storage”. Cloud storage is when computer files are stored in a virtual place instead of on a computer’s hard drive. Some examples of cloud storage providers are Dropbox and Google Drive; information in cloud storage is easily accessible and isn’t lost if a computer breaks or is misplaced.
Cloud storage is an attractive option for healthcare offices because of the ability to remotely access patient data across a multitude of locations. Doctors from different practices can collaborate on a patient’s file, and even individuals with health trackers can have their data stored wirelessly via the cloud. For all intents and purposes, it seems as if cloud storage is the wave of the future, but it brings some scary considerations.
Although many cloud-based systems market themselves as HIPAA-compliant, there’s still a risk that the data will fall into the wrong hands. Physicians who don’t utilize an automatic log-off feature and also check the “remember this device” box are the most vulnerable. Imagine that your primary care doctor took his or her laptop to a coffee shop on their day off and it was stolen. Whoever has that computer can now access everyone’s health data stored on the cloud. If your records had instead been kept on the hard drive of the computer in his or her office, that wouldn’t be the case.
Carelessness isn’t the only thing that we have to worry about when considering our personal information, either, as the cloud can be vulnerable to attackers. Just like someone might try to hack into a bank’s network or even your own personal computer, cyber threats are a very real concern when utilizing cloud storage.
Does Increasing Accessibility Mean Sacrificing Safety?
Patients have often complained about the lack of access they have to their doctor, whether it be for quick after-hours questions or during extended waiting times while at the hospital. To combat this, healthcare professionals are turning to mobile devices, mainly smartphones, to offer better care. According to a 2018 survey by Spyglass Consulting Group, nine out of ten healthcare organizations plan to implement smartphone use into their practice within the next 12 to 18 months.
Much like the concerns raised when discussing the use of cloud storage, smartphone use within the healthcare world can seriously put your data at risk. How easy is it for someone to misplace a phone and allow it to get into the wrong hands? How could a non-standardized system across multiple facilities impact the accuracy of your health data? It’s clear that there are several issues to address before the use of this system can be considered safe for all involved.
How To Protect Your Data
As a proactive individual, you may want to know how to keep your health data more secure, particularly in situations you have little to no control over. It turns out that there’s a lot you can do to help keep your personal information safe:
- Individuals who experience major health issues, including receiving a cancer diagnosis or other serious concern, often tend to share this information on social media. Resist this temptation. Data hackers are very sophisticated and could potentially use this knowledge to help gain access to your identity.
- If your doctor uses an app to communicate and store health data, make sure you read all terms and conditions carefully. This is one of those times where checking the boxes and moving on may not be the smartest choice.
- An insurance card isn’t the same as your Costco membership, so make sure to guard this information carefully. Health insurance fraud is a huge data issue, so treating your insurance information the same way you would your social security card is your best bet.
- Physicians who utilize patient portals to share health data often allow patients to have access to their records, billing statements, and more. Make sure to use a strong password and change it regularly.
- Public Wi-Fi networks may seem like a convenient way to view your data on the go, but this can be breeding ground for hacker activity. When using a public computer, always log out of your patient portal when finished.
- Discuss with your doctor how he or she will communicate information to you. It’s common practice to receive a phone call with test results or appointment reminders, but some practices are moving to more advanced methods. If you receive an email from your provider, make sure it’s legitimate before offering sensitive information.
- While HIPAA is a law that all medical offices must follow, it is rather complex. Don’t be afraid to ask your doctor questions about where your health data may go.
- Before electronic health records, your doctor recorded your personal data in a paper chart that could have been stored for many years. Check on your state’s laws regarding medical data retention so that you understand where exactly your information is kept.
Ultimately, the responsibility of keeping your health data safe falls on the shoulders of both you and your physician. It’s unfortunate that hackers can use sophisticated methods to gain access to your personal information, but as technology continues to advance in the healthcare world, so do the tools and tricks that these individuals use.
In order to receive medical care in today’s society, patients ultimately have to share their sensitive information with others. Make sure you have an open line of dialogue with everyone in your provider’s office, not just your physician. Many times, it’s the nurses or reception staff who make an error, which inadvertently shares health data, so by letting them know your needs and keeping an eye on your information yourself, you’ll be in the best position possible to avoid a data breach.
Want more content like this? Sign up here with your email for $20 off any appointment, special deals, and health-related content sent to you on a regular basis.
About Slingshot Health
Slingshot Health is a health tech startup that brings top healthcare providers and patients together. Patients bid on the cost of services and healthcare providers accept bids based on availability. Slingshot Health is unique in that it is a mutual marketplace putting both patients and providers back in control. Visit us at slingshothealth.com.