Imagine how horrifying it would be if you were battling cancer, and then saw details about it in the tabloids. What if you were looking up the results of a paternity test, and upon signing in to the website discovered that you had unfettered access to more than 6,000 other people’s test results? What if you were diagnosed with a sexually transmitted disease and then found news of your diagnosis plastered on Facebook by a former friend who happened to work at the hospital where you received treatment? Perhaps the worst example of all, what if you were watching a reality show that was filmed in an emergency room, and the man that you saw dying right there on your TV screen was your husband, who had died a year earlier after having been hit by a sanitation truck? These things actually happened and were highlighted in a Washington Post article about the lack of privacy around health records.
The author of the article, Charles Ornstein, regularly reports on the federal patient privacy law known as the Health Insurance Portability and Accountability Act (HIPAA), and how non-compliance with this law has caused people’s medical records to be compromised in many ways that could have devastating and lasting consequences for the patients and their families. Many Americans blithely expect that HIPAA is protecting the privacy of our medical records when in fact, in many cases it is not. The department of Health and Human Services Office for Civil Rights is charged with enforcing HIPAA regulations and taking action against anyone who violated the law, except that they are doing neither.
In his Washington Post article, Ornstein writes that the HHS Office for Civil Rights received about 18,000 complaints in 2014, but took action on only 6 of them. The HHS inspector general admits that the office does not keep track of repeat offenders, and they do not do anything to stop them.
The Office of Inspector General (OIG) for HHS OCR is calling on the Office for Civil Rights to strengthen its HIPAA enforcement efforts. In the first quarter of 2016 the agency will launch HIPAA policy audits to ensure compliance by covered entities and their business associates.
Notice of Privacy Practices for Protected Health Information
The next time you visit your doctor or hospital for treatment, ask to see their Notice of Privacy Practices. You have the right to be informed about the privacy practices of your health care provider, and how your private health care information is being handled. Visit hhs.gov to download fact sheets about your health information privacy rights so that you will have a clear understanding of what they are so that you can know when they have been breached.
If you believe that the privacy of your personal health records has been compromised, you can file a complaint with HHS Office for Civil Rights. You can also fill out a short questionnaire that would help ProPublica in an ongoing investigation of HIPAA violations, and how medical information is tracking you across the Internet.