How Safe Are Your Electronic Medical Records?
So you had a bout of hypochondria and Googled the heck out of your medical symptoms. That could be bad news for your privacy
There are plenty of perks to going digital when it comes to your health. In fact, 56 percent of physicians who used electronic medical records provided significantly better care than those using paper records, according to a study in the Journal of General Internal Medicine. And digital records give you more control as a patient: Apps like Apple Health, My Medical App, or Hello Doctor keep tabs on your meds, appointments, and blood tests, plus your sleep, diet, and exercise habits.
But you might want to be careful what you search online for: Scouring some websites puts your health privacy at risk, warn researchers at the University of Annenberg School of Communication. Their review of 80,000 health websites revealed that nine out of 10 visits to these pages resulted in personal medical information being shared with third parties like advertisers and data collectors.
How You Put Your Health Data at Risk
Panicking over all the things you may have Googled in a bout of hypochondria? Us too. Here's what that data may mean: If you're WebMDing certain illnesses-say diabetes or breast cancer-your name could become linked to your search in a database that's owned by companies that are subject to few, if any laws. "These companies, known as ‘data brokers', could sell the data to whoever has the money to buy it," says Tim Libert, a doctoral student and lead researcher on the project. "There are no real rules on protecting this data, so the chance for thieves to get it goes up the more companies that collect it."
Is Anything Safe?
"Anytime data is stored on a computer connected to the Internet there is some risk-after all, there are lots of criminals out there who make a living on stealing identities," says Libert. "However, data covered by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), which includes medical records from your doctors office and insurance company, is required to use strong protections to keep hackers out. In contrast, data collected on web browsers by advertisers like Google and data brokers is outside of the law. We have to trust these companies to do a good job." Unfortunately, not even HIPAA regulations seem to be enough to keep the hackers out. In just the last month, two major medical companies have reported data breaches that exposed the medical records of tens of millions of customers.
Why? HIPAA doesn't specify the exact technology needed for protection. In the rush to join the digital age (the federal government is offering financial incentives for doing so), hospitals and doctors are sometimes using protective software that's inadequate, creating more problems than it solves, says Scot M. Silverstein, M.D., author of the reformist Healthcare Renewal blog. "While computer systems used by other fields like the pharmaceutical industry are required to undergo rigorous testing under government supervision before being used, there is nothing like this for electronic health records," says Silverstein. "It's important to establish meaningful oversight of the industry to make sure we are using quality software that is safe and effective."
Until then, take your health back into your own hands. (Online isn't the only area where your health privacy is a concern. How Much Health Information Should You Reveal at Work?)
1. Download browser add-ons.
Until congress steps up to make sure health privacy laws like HIPAA cover all health-information on the web, prevent your info from being shared with third parties while visiting health websites. Try browser add-ons. "Ghostery and Adblock Plus work fairly well and can block some, but not all, of the hidden trackers that collect user data," says Libert.
2. Forget public Wi-Fi.
"Your local coffee shop is not the place to do sensitive stuff on your computer," warns Libert. "These open networks require no passwords, which can create an easy entry point for hackers."
3. Review your doc's records.
"Log into your account regularly, especially after or before a doctor's visit, to make sure all the information your doctor has on file for you is completely accurate," says Silverstein.