It is almost impossible to safeguard any information that is stored or shared technologically. The question isn’t ‘if’ we’ll get hacked; the question is ‘when’. For all the benefits the World Wide Web has brought us, the risks we assume in accessing it are enormous. No matter the healthcare provider, it is one thing to regulate disclosure of information and another thing to safeguard it.
Responding to physician questions regarding HIPAA, Alice G. Gosfield, JD, wrote in Fam Pract Manag. 2002 Nov-Dec;9(10):35-40: “The good news is that under the final rule, you do not need the patient’s consent for most routine uses or disclosures of PHI related to treatment, payment and health care operations (TPO). Health care operations include but are not limited to fundraising activities; quality assessment and improvement activities; insurance activities; business planning, development and management activities; licensing and audits; evaluating health care professionals and plans; and training health care professionals.” HIPAA goes only so far in protecting my privacy or that of my clients—which is not far enough.
There are numerous issues that surround information disclosure. First and foremost, no matter how careful everyone is, personal information is not 100% secure. You can, however, safeguard your information as much as possible.
- Regarding disclosure of private health information (PHI): ask about and understand the possible ramifications of disclosing information to a physician's office, insurance company, etc.
- Give out only the information that is necessary, and only to the person(s) who directly need it.
- Question how the information you provide will be used.
- Do not underestimate the importance of employing security measures (passwords, PINs, privacy settings) on any site that collects personal information (patient portals, etc.).
- Personal information posted on social media sites (Facebook, LinkedIn, Twitter…) is not secure.