When it comes to matters of personal privacy, medical records can be thought of as the Holy Grail. To most of us, there's probably nothing higher on the list of things to keep private and secure. We simply don't want the world to know about our medical conditions, or treatments we're undergoing.
Medical records may also contain other information best kept private and secure. Social security numbers and financial information are good examples. Because of the personal nature of these records and the wealth of information they contain, there are federal and state laws that protect your privacy. But just how private are they?
Late in 2009, some incidents were reported that may make you wonder just how private your medical records really are:
Health Net, a managed health care company, is based in Delaware but provides health benefits to approximately 6.6 million people across the US. In May 2009 a computer disk containing medical and financial information of over 400,000 customers was discovered missing from its Connecticut office. It's assumed the data was stolen.
In December 2009, Health Net informed state and federal authorities about the theft. The company also began mailing letters to affected customers. The letters told them about the security breach, assured them that the information was encrypted and not easily accessible to the thieves, and offered free identity theft and credit protection from May 2009 through December 2011.
The disk contained customer information from 2002 to mid-2009. An investigation undertaken by the company determined that the disk drive included basic patient information, like social security numbers, as well as protected health and financial information.
Connecticut's Attorney General Richard Blumenthal asked the FBI to investigate the loss or theft of the disk.
Records Revealed in Court
Aurora Health Care, Inc., a health care provider based in Wisconsin, has been sued by a number its customer-patients because their medical records were disclosed. How? Sometimes doctors file for bankruptcy protection when they can't afford to keep their doors open. When this happens, a doctor may owe money to a health care provider, like Aurora.
Aurora files claims against doctors filing for bankruptcy to try to recover the money owed to it by bankrupt doctors. The patients' lawsuit alleges that the company revealed their personal medical information when it filed claims in bankruptcy courts. Those court records are public records and are open to anyone who cares to look at them.
The patients are asking that their medical information be removed from the court files, and they're also asking for $25,000 each as damages for the breach of their privacy.