There's a good chance the answer is yes. Here's how to stay safe

Your doctor's office should be one of the places you feel safest. After all, they can heal all your ailments and are generally someone you can trust, right? But what if your doc could be putting your personal information and records at risk? According to the Ponemon Institute's Third Annual National Study on Medical Identity Theft, an estimated average of 2 million Americans are victims of medical identity theft yearly.

"There are some things doctors are doing that violate HIPAA (patient privacy) laws and could be compromising your personal information," says Dr. Michael Nusbaum, President and Founder of MedXCom, the leading Medical Records App for physicians. "If a doctor is texting other doctors about patients on his or her cell phone, speaking to patients on a cell phone in a public place, calling the pharmacy with your information on a cell phone or unsecure line, or doing Skype consultations with patients where anyone can walk into the room, these are all clear privacy violations," Dr. Nusbaum says.

Here are his top tips for keeping your personal information safe and secure.

Keep It Locked Up


Anything with identifying information should be treated as if it were a bank statement, Dr. Nusbaum says. "Don't keep copies of your medical or health insurance records in your office, purse ,or any other vulnerable spot. Anyone can copy this and use the information. Also, always shred your health insurance forms, prescriptions, and health documents if you do not plan on saving them in a safe, locked place."

Skip the Paper Trail


Instead of a folder full of papers, "store valuable health information electronically on a HIPAA- compliant, trusted site such as MedXVault," Dr. Nusbaum recommends. "Also investigate online, secure sites that will allow you to hold documents in a secure format in one place where you control the access to those records."

Look for Cyber-Security


"If you enter your information in an online HIPAA-compliant patient portal, make sure the site is secure by looking for a lock icon on the browser's status bar or a URL that begins with "https:" "S" for secure."

Don't Email Personal Info


Private information exchanged via email or texting can be intercepted and made public at any time.

"Emails such as Google, AOL, and Yahoo etc. are not secure-ever. Don't use them for anything related to medical records such as social security numbers. If you are emailing your doctor regarding medical treatment, you should both be using a secure portal for exchanging emails."

Online Support


Do you belong to an online community for a particular medical issue?  There are tons of "support-group" types of sites for pretty much any ailment or illness, but beware: Dr. Nusbaum says they are a prime target for Medical ID theft.

"Don't give out personal information or email on these unsecure sites. Instead, use a site like MedXVault, where only patients with a physician confirmed diagnosis can join the group."