Home » News
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Failures of health care information protection

March 30, 2009 | Martin Ethridgehill
From the April 2009 print issue

I recently had the opportunity to visit different clinics and centers and while I was not the patient, my information was requested by every location visited. Not just my name, they also wanted [in writing] the name of my employer, supervisor, supervisor’s telephone number, employer’s address, my Social Security Number, etc.

Being retired military, this was always a normal thing to do – fill out all forms that were provided; however, since retirement I find myself less and less willing to continue. Under the supposed protections of HIPAA [Health Insurance Portability and Accountability Act], the patient is afforded some very basic, and very incomplete, perceptions of protection. That being said, the primary thing here to remember is PATIENT. The accompanying spouse, family member, significant other, etc. are NOT afforded the same as they are not the patient.

In instances like the above check-in experience[s], I believe that healthcare institutions are too intrusive into the types, form, and volume of information that they are requesting. To make matters worse, they really have no obligation under HIPAA to even pretend to protect anyone but the person actually seeking care. So what do they do with all of this intrusive information? What’s more – why did they ever start collecting it in the first place?

Insurance companies [and the companies that want to sell electronic records technology and systems] have no vested interest in total protections. Some leaders in electronic record systems have recently called information protection simply an unnecessary cost that will only result in delaying technology deployment. Admitting that there are gaps and holes in protections that open them up to litigation – as a result, it seems that doing the right things for people is not the same as doing the right thing for business. So what is the priority – people or profits?

If you use a search engine [Google, Yahoo, etc] and check on “Medical Identity Theft”, you will literally find thousands of Web sites, articles, and information resources that will either explain the issue, tell you just how bad it is, provide examples of victims and perpetrators, and also provide links to entities such as the World Privacy Forum and the Federal Trade Commission.

The mere fact that millions of victims are accepted as “business as usual”, and billions in healthcare delivery have been fraudulently used, should be enough to make anyone WANT systems of protection. 
While I applaud President Obama for wanting to create better healthcare delivery, information sharing, and cost-reduction strategies, I also hope that better [perhaps REAL] information safeguards will have just as high a priority, and will be put in place. I further hope that institutions of all types will stop the practice of collecting more than just the extremely basic information that they truly need:  healthcare, insurance information, payment information, etc.

Martin Ethridgehill
Albuquerque, NM

Related Topics:

Reader Comments (0)Login to Post a Comment