Thursday, January 8, 2015

Your personal private health information is valuable. And it's YOURS. Protect It!


      When we visit the doctor these days, much of our health information is collected, transmitted and stored electronically. We might enter our medical history into an iPad.  Our prescriptions are often sent directly to our pharmacies electronically, and results of our lab tests might be made available for us to view online, through an online patient portal. Even our appointment reminders may be communicated via text or email. 
     You have probably noticed some of these trends, and you can expect them to continue. Here in New York, for example, there will be no paper prescriptions permitted after March of 2016. Electronic prescribing will be the standard and the rule. Many of these changes offer us enhanced efficiency, convenience and safety.

     HOWEVER, some of these advances also conceal potential threats to the safety and security of our information. If huge corporations like Target, Sony and Microsoft can suffer a data breach, how safe can our health information be? Here's some interesting info about the Sony breach as it relates to health information.
     This is something to be aware of any time you hand over your insurance card or your credit card, or type any information into a computer you do not own. Digital information can be shared easily, with the click of a button.  That is what makes it so convenient. The question of how to ensure that your data is safe is complicated, but a few simple principles are usually worth following.

     There are several sources of "information insecurity" when it comes to our health information. We always think about hackers and identity thieves first. The personal information in your doctor’s computers can be valuable, and there are criminals who would like to have it. But the more easily data can be appropriately shared, the more easily it can be inappropriately shared. Information access is inversely related to information security. Anything you type into some computer somewhere might one day appear on any computer anywhere. (Unless I can find a reference to that somewhere, I’m going to call it Rubinstein’s Law.)

     The most reasonable course is to practice what I call good "information hygiene". Share only the minimum amount of information necessary, and be sure you know who will have access to it, and for how long.

     DON'T use your social security number for health identification purposes. There is really no reason to write it down, even if there is a line for it on a form. Just leave it blank. Insurance companies are no longer using SSNs for identification purposes. Now they issue their own unique identifying numbers.
     DON'T access your medical information over any public Wi-Fi connection, even if you are accessing your information from the doctor's "secure portal". Remember that nothing is "secure" unless your own internet access is secure also. If you're checking the results of your blood tests from a laptop at Starbucks, you might as well post them on your Facebook page.
     DO put expiration dates on your permissions. Many forms that you sign giving access to your data remain in effect unless you specifically cancel them, often in writing. Cross out the part that says "until canceled" and write in an expiration date. I usually pick 1 or 2 years from the day I sign the form. 

     This only scratches the surface. Here is a little more reading on the subject.