Introduction
Medical Privacy is the confidentiality of patient health records. This topic is becoming an increasing issue as our world turns more digital every day. Some of the issues posed with digital medical privacy are that medical information is subject to breaches and targeted attacks. In addition, we are living in a world with a prevalent sharing culture, meaning that information is constantly being shared and exchanged through a variety of digital mediums. This topic proves very important because it is a very widespread issue and can potentially affect anyone with digital health records. Medical data is often something that people do not wish to share with anyone and is usually extremely private. In addition to privacy concerns, the sharing of medical data can affect how much you owe insurance companies through premiums.
What is HIPAA?
HIPAA is an abbreviation for the Health Information Portability Accountability Act of 1996. The purpose of HIPAA is to protect patient privacy by protected medical records. HIPAA informs people how their health information can be legally used and what type of information is shared with others (Midwest News Media). You might be wondering what information HIPAA protects. The answer is that is a broad range of past, present, future information about a physical or mental health condition and the provision of health care and payment associated with the condition (Midwest News Media). HIPAA protects information that can be individually identified as well. Below is a map using StoryMapJS to display some of the most famous HIPAA cases in 2018, the information from HIPAA Journal.
An example of HIPAA in practice is that an employer is allowed to ask for a doctor’s note when an employee skips work, however, the employer is not allowed to ask the doctor for any more medical information without the patient’s consent (Midwest News Media). HIPAA is a federal statute and criminal offenses of HIPAA are managed by the United States Department of Justice (Vanderpool, 2012). The maximum criminal consequences for a HIPAA violation are a $250,000 fee and 10 years in prison (Vanderpool, 2012). Below is a timeline using TimelineJS of HIPAA that includes information from the HIPAA Journal.
Security Risks
HIPAA only protects specifically medical information which can prompt insurance companies to find other ways to gather non-medical information to gauge a person’s medical state. For example, a company called Optum that is owned by United Health filed for a patent that would allow them access to patient’s Facebook and Twitter to link their social media to their health records (Allen, 2019). Companies can track race, education level, TV habits, and marital status through a variety of different mediums (Allen, 2019). Some of the ways that companies gather this information are through your bills, social media, and online purchases. This information is then used by insurance providers to determine your insurance premium costs. For example, insurance companies could assume that a woman who changes her last name recently could be expecting a pricey pregnancy soon (Allen, 2019). Low-income populations and minorities are often targeted because they assume they live in more dangerous neighborhoods with an increased health risk (Allen, 2019). In addition to unwanted information being vacuumed up about individuals, another security risk is breaching (Fu, 2013). Below is a tweet from HIPAA Journal that promotes good cybersecurity and helps avoid HIPAA risks.
Common Office 365 mistakes to avoid and #HIPAA best practices https://t.co/3k2pyMRCNZ #healthcare #cybersecurity
— HIPAA Journal (@HIPAAJournal) November 4, 2019
What Does Your Employer Know?
One of the most important topics of medial data is determining what an employer is allowed to know about your health. This is a relevant topic for everyone in the class because soon we will all start our careers. Privacy experts have come to the conclusion that it is the right of companies to know about some of the medical treatments their employees undergo as they often pay for it (Luhby, 2014). Medical information is often needed to manage their funding of health care benefits. However, this does not sit well with many people as they just view it as an invasion of patient privacy. HIPAA still protects from the specifically identifiable health information, but companies can still offer incentives for a healthy lifestyle through the disclosure of results form blood tests and drinking habits (Luhby, 2014). Another issue in the workplace is the disease management and wellness programs that include doctor referrals, support programs, and weight loss initiatives as people feel that this information should be kept separate from their work (Luhby, 2014).
Conclusion
Medical information is becoming increasingly difficult to protect as the digital world creates a barrier for security. However, we have rules in place like HIPAA to protect individually identifiable health information. There are still other ways that companies, including insurance companies, can accumulate information on individuals and use it to infer a person’s health. We also discussed the information that an employer can gather, which proves important for basically anyone with a job. Medical data is an important issue that we must protect for the privacy of all patients.
Works Cited
Allen, Marshall. “Health Insurers Are Vacuuming Up Details About You – And It Could Raise Your Rates.” ProPublica, 9 Mar. 2019, www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates.
Fu, Kevin, and James Blum. “Controlling for Cybersecurity Risks of Medical Device Software.” Viewpoints, Oct. 2013, www.csl.sri.com/users/neumann/cacm231.pdf.
Luhby, Tami. “What Does Your Employer Know about Your Health?” CNNMoney, Cable News Network, 12 Feb. 2014, money.cnn.com/2014/02/12/news/economy/employer-health/index.html.
Midwest New Media. “Medical Privacy.” Workplace Fairness, www.workplacefairness.org, www.workplacefairness.org/medical-privacy-workplace#1.
Vanderpool, Donna. “Hipaa-should I be worried?.” Innovations in clinical neuroscience vol. 9,11-12 (2012): 51-5. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3552464/