Sneak Peeks Stars' Medical Records - and Yours; in Digital Age, Personal Data Not as Secure as You Think
Byline: Karen Goldberg Goff, THE WASHINGTON TIMES
It seems medical records are as good a read for celebrity-watchers as a tabloid. UCLA Medical Center announced this week that it fired an employee who peeked into the private medical files of California first lady Maria Shriver, actress and cancer patient Farrah Fawcett, and 31 other high-profile patients.
The breach, which occurred more than a year ago, was at the same medical center where several employees were recently fired and suspended, reportedly for snooping in pop star Britney Spears' file.
If the files of the rich and famous can be easily tapped, what about those of regular patients?
Granted, US Weekly might not be interested in the details of the Average Joe's gallbladder, but it brings up the question of who is able to look at health records and what they can do with that information.
The answers: A lot of parties can see your records, and the information can wind up all over the place, the gossip column notwithstanding.
In the computer age, everything from your blood pressure reading to risky health behavior history may be stored in your file. That makes it easy for health care workers to access a wealth of patient information, but it may also be easy for all sorts of individuals and companies to know private details as well.
Part of the problem is in the move to electronic records. These systems simplify and streamline record keeping, but security standards are still being worked out.
"There is good and bad about electronic records," says Robert Gellman, a District-based privacy consultant. "There is a lot of promise about medicine going to electronic records. Those who are promoting it talk about its appeal to consumers. But the principal beneficiaries are the health care organization, research facilities and insurance companies."
Once the information is in the hands of those large companies, its final destination is limitless. That is because institutions such as law enforcement, life insurance companies and researchers are not covered under the federal government's Health Insurance Portability and Accountability Act (HIPAA).
Could that personal medical information end up in the hands of potential employers? What about banks, who may turn you down for a 30-year mortgage if they know you have a potentially fatal condition? Say you have an unpaid medical bill on your credit report; might the information about what treatment you received be available?
All of these are possibilities, says Mr. Gellman.
"Saying that medical records are private is really cheap rhetoric," he says. "The truth is that they are widely circulated among institutions. because that is the kind of system we have."
Mr. Gellman says the problem begins with HIPAA, which went into effect in all 50 states in 2003. The good news under HIPAA is that doctors are required by the law to give you a privacy statement, which states how your medical information may be used and your rights to file a complaint with the U.S. Department of Health and Human Services' Office of Civil Rights. Patients also have the right to see an accounting of who is accessing their records.
Now the bad.
Your consent is not needed if your medical information is used or disclosed for treatment, payment, or health care operations. Your records can be disclosed without authorization to pharmaceutical companies if they need to recall a part or replace a medication. …