Threats to Medical Record Privacy

• Administrative Actions. This includes errors that release, misclassify or lose information. This includes compromised accuracy, misuse by legitimate users, and uncontrolled access.

   

• Computerization. While in some situations computerization increases privacy protection (for example, by adding passwords to sensitive areas), it may also decrease privacy protection for the following reasons.

   

  • Computerization enables storage of large amounts of data in small spaces. Thus when an intruder gains access, it is access not just to certain discrete amount of data, but to larger collections, and perhaps keys to even further information.

     

  • Networked information is accessible from anywhere at any time, allowing a larger number of people access. This increases the possibility of mistakes or other problems such as misuse or leaks of data.

     

  • New databases and different types of data sets are more easily created. This both drives demand for new information and makes possible its creation.

     

  • Information is easily gathered, exchanged and transmitted. Thus potential dissemination theoretically limitless.

   

   

• Access by unrelated parties.
  • Insurance companies. They may either check records before approving treatment or who may check records before extending coverage.

     

  •  

    Drug companies. These companies may have deals with doctors and hospitals, and who may use the list for marketing. (Consumer Reports)

    For example, PCN (Physician's Computer Network) has access to the patient records of 41,000 doctors, which is about 10% of office-based doctors in the United States. By participating in the PCN, a doctor requires a doctor to view promotions from drug manufactures. In addition, PCN reserves the right to copy information from the computer to other companies. Of course, this can only be aggregate data, but may include ages, diagnoses, treatments, and prescriptions.

    Most policies that consumers fill out have an authorizations to RSA information to the insurance company. Most insurance policies sold in the U.S. and Canada also give notice that a report may be filed with the Medical Information Bureau (MIB), which is financed and run by the insurance industry to detect fraudulent applications. Of course, not everyone is included in the MIB database.

   

• Employers

   

• Court subpoenas. Often a patient will be unaware when her or his records have been subpoenaed. Even worse, unnecessary information is often included when the records are not adequately screened.

Return to EPIC Medical Privacy Page.

Return to EPIC Privacy Page.