ABC News reports on medical data and whether patients and doctors can keep this personal information secure. (Story is here. Caution: Video with sound starts automatically.)
Julie, a lawyer from Boston, discovered that her sensitive health information was available to anyone who worked at the hospital.
“My expectation was that my records were going to be private, especially my therapy records,” Julie said. “And if another doctor wanted to see my records, they’d ask me and then I’d give my authorization for them to view my records if they needed to see them.” […]
“I thought I had protection under HIPAA (the Health Insurance Portability and Accountability Act) for my psychotherapy notes to be private and I thought only my psychiatrist could see those,” the 42-year-old said, adding that she noticed over the years her physician started entering them electronically.
What she didn’t realize was that her physician’s notes could be accessed by doctors and other health-care providers who worked in the same health-care system (6,000 doctors and nine affiliated hospitals) — information she learned after going to see an on-call physician for a stomach issue and realizing he knew about intimate relationship information only disclosed to her psychiatrist.
Concerned, she requested a copy of her medical records from the health care system. Within those records she saw every note, every meeting, every conversation she had with her psychiatrist. […]
And while most hospitals have rules about who may access medical records, compliance for the most part is not strictly regulated.
In fact, an ABC News investigation found that often medical information is so unprotected, millions of records can be bought online. Because so many people have access, the entire system is vulnerable to theft, experts told ABC News.
To see exactly how easy it was to find medical records online, ABC News enlisted the help of IT specialist Greg Porter, a consultant with Allegheny Digital.
“This isn’t very sophisticated,” Porter said. “If you can use a Web browser and you can search to www.google.com, you can begin to try and obtain some of this information.”
With two clicks of a mouse, Porter found somebody willing to sell a data dump of diabetic patients with information including their names, birth dates and who their insurance provider was, among other details. Another seller offered 100,000 records of customers who purchased health insurance in the last three to 12 months.