According to the Patient Privacy Rights Foundation, an Austin-based watchdog group, some 800,000 companies, government agencies and other organizations can tap into personal medical information almost at will. Pharmaceutical information is mined daily, your prescriptions, are an open book to all sorts of companies that don’t have to tell you what they’re doing with the information.
When Congress passed the Health Insurance Portability and Accountability Act in 1996, (HIPPA) it told the Department of Health and Human Services to require patient consent before records could be disclosed. This requirement prevents doctors or medical care facilities from releasing information about your condition or treatment without your permission. HIPAA was written to allow the sharing of medical information among health care providers, acknowledging the electronic management of files. The hope is that electronic medical records would help reduce health care costs.
However, in 2002, the Department of Health changed the wording of its rules to eliminate the consent requirement as it relates to treatment, payment or health care operations, an ill-defined phrase that allows broad access to personal medical information.
The 2002 changes allowed the sharing of information not just among doctors, but also among other “covered entities,” which can include business affiliates of health care organizations such as data clearinghouses, accounting firms, law firms and even banks.
A simple example, demonstrates the frightening extent to which your health history may creep into all aspects of your public life. The Federal Deposit Insurance Corp., the government’s banking regulator, has a policy saying that creditors aren’t supposed to use medical data in determining whether a person is eligible for a loan. Yet, the policy provides that once obtained, creditors who have such information can share it with their “affiliates.”
Once shared, it’s considered credit information, not medical data. Consumer groups warn that such information can even find its way into our credit scores and might even affect the rate we pay on loans or our ability to get financing.
You can ask data collectors not to share your information, but under the federal guidelines, they can ignore your request, and most of them do. The data is too valuable to insurance companies, data miners and even marketers who are building a cottage industry selling customer information.
Late last year, the Wall Street Journal reported that some large companies are beginning to collect and store employee medical data in the name of cutting insurance costs. Employers have control vast electronic warehouses of their workers’ personal information. Many informed consumers choose to pay for treatment in cash, to keep their name out of the system. So do many well-known athletes. But for most of us, foregoing insurance benefits is not an option so our most-intimate of information is out there for the data miners.