Threats to Medical Record Privacy
- Administrative Actions. This includes errors that
release, misclassify or lose information. This includes
compromised accuracy, misuse by legitimate users, and uncontrolled
access.
- Computerization. While in some situations
computerization increases privacy protection (for example, by
adding passwords to sensitive areas), it may also decrease privacy
protection for the following reasons.
- Computerization enables storage of large amounts of data in
small spaces. Thus when an intruder gains access, it is access
not just to certain discrete amount of data, but to larger
collections, and perhaps keys to even further information.
- Networked information is accessible from anywhere at any
time, allowing a larger number of people access. This increases
the possibility of mistakes or other problems such as misuse or
leaks of data.
- New databases and different types of data sets are more
easily created. This both drives demand for new information and
makes possible its creation.
- Information is easily gathered, exchanged and transmitted. Thus potential dissemination theoretically limitless.
- Computerization enables storage of large amounts of data in
small spaces. Thus when an intruder gains access, it is access
not just to certain discrete amount of data, but to larger
collections, and perhaps keys to even further information.
- Access by unrelated parties.
- Insurance companies. They may either check records
before approving treatment or who may check records before
extending coverage.
-
- Drug companies. These companies may have deals with doctors and hospitals, and who may use the list for marketing. (Consumer Reports)
- For example, PCN (Physician's Computer Network) has
access to the patient records of 41,000 doctors, which is
about 10% of office-based doctors in the United States. By
participating in the PCN, a doctor requires a doctor to view
promotions from drug manufactures. In addition, PCN reserves
the right to copy information from the computer to other
companies. Of course, this can only be aggregate data, but
may include ages, diagnoses, treatments, and prescriptions.
Most policies that consumers fill out have an authorizations to RSA information to the insurance company. Most insurance policies sold in the U.S. and Canada also give notice that a report may be filed with the Medical Information Bureau (MIB), which is financed and run by the insurance industry to detect fraudulent applications. Of course, not everyone is included in the MIB database.
- Insurance companies. They may either check records
before approving treatment or who may check records before
extending coverage.
- Employers
- Court subpoenas. Often a patient will be unaware when her or his records have been subpoenaed. Even worse, unnecessary information is often included when the records are not adequately screened.
Return to EPIC Medical Privacy Page.
Return to EPIC Privacy Page.