Should patients be worried about the security of their health information?

Should people be worried about the security of their health information? In the past, I used to believe that perhaps the issues of security and privacy (an issue that is related to but NOT identical to security) were overblown. I would go so far as to suggest that those with vested interests used these two issues to maintain control and prevent sharing of information (that was the cynic in me). Around the same time, I also held a similar idea that patients didn’t really concern themselves with privacy so much. Most patients assume that health providers share information as needed and that explicit consent to share information between providers was the strangest (if not the dumbest) thing. I also believed that health care organizations seemed relatively secure, based on the measures they take, which include triple identity verification and limiting remote access.

Today, I’m not so sure if I feel as confident about the security of my health information. Recently, a family member of mine was almost a victim of fraud (a stranger tried to withdraw a few thousand dollars from a personal account). This incident is my personal connection with the issue of security. The news has some more spectacular reports about security of health information: a stolen laptop with data on 28,000 home care patients and a hospital firm is robbed of 10 computers. To make matters worse, a survey finds that the majority of IT professionals don’t “feel confident they can prevent data breaches” (you can view the full report here). Whoa – if IT professionals don’t feel that they have the necessary resources, are we waiting for a catastrophe? Unfortunately, the survey doesn’t break down the results based on industry. As a result, we don’t know if health care is any better (or worse) than the rest.

I’m not trying to sound like I’m paranoid or some cynic about ehealth and maintaining electronic records of our information. I actually believe that we need to make more of our health information available in electronic format. But, we need to be more vigilant about securing our health information. For example, maybe IT professionals should draft some guidelines (if not rules) on how to dispose of technology, be it CDs/DVDs, hard disks, or whatever else may contain health information. As we slowly move away from paper, we will need to be more careful about how to dispose of old storage media. For example, patients, in particular, should take care to learn how to dispose of their computers.

So, should you be worried about the security of your health information? I would say “yes” only so that we don’t become lazy in protecting our information. As individuals, some simple precautions could include:

  • Shred paper records – use a shredding device to dispose of paper-based records (i.e., health information, bills, and any other information with your identity on it). I would recommend a shredder that cuts in “diamond” shaped patterns. I find that paper records shredded with the “strip” method are easier to re-assemble. A friend of mine goes so far as to throw out shredded documents over the course of several weeks (handfuls at a time in different bags containing “wet” materials from the kitchen).
  • Do not give out personal information over the phone: Unless you’re absolutely sure about the identity of the person on the other line, don’t give out personal information. In fact, if someone calls and asks for your information for “verification” purposes, ask them to tell you what they have. If it’s incorrect, call them back using the official number provided by the company. I’ve had to teach my parents not to give out their information over the phone (they’re a bit too trusting). Now, when they get a call from a credit card company or some other institution, they listen to what the person has to say and hang up. They call the company back in five minutes and provide any information (if necessary). I’m sure this method is not fool-proof, but it’s better than giving out your information willy-nilly.
  • Use pseudonyms on the Internet: I would suggest you create some fake online identity and use it for registering on websites. Try not to use websites that keep your credit card “on file” for your convenience.
  • Ask your health care provider about their security measures: I think we all need to keep our health care providers (be it your physician or your hospital) accountable about keeping our health information secure. Health care providers are busy and often over-worked and usually don’t have excess time to think about things other than taking care of people. As patients, we need to keep reminding them to remain vigilant. We, as patients, need to help our health care providers too.

I’m pretty much out of ideas as to what else to do to help keep your health information safe. As individuals, we have to put a great deal of trust in the institutions that store and collect our health information. After the terrorist attack on September 11th, 2001, the American government told its citizens that everyone has to play a part in keeping one another safe. Sounds like good advice.