Your medical information is not private, and it’s sold routinely

Privacy, is it important to you?  Do you believe that your medical and personal information should be kept in strict privacy?  Do you expect your doctor to keep your information private? What is the cost of privacy?

The computer I am typing this article on is protected by Norton’s Security Suite and by Comcast’s Constant Guard.  My friends, family, and patients invest a small fortune every year to keep their computers secure.  Their computers contain highly private information:  important information like their emails, contact lists, and passwords.

Your medical records contain even more vital information:  highly personal secrets about you, things that should never be shared with anyone.  Your medical records are protected by strict laws.  Your information can only be shared with your permission.  Your wife and family do not have access.  Your priest does not have access.  Only you can release your most personal information.  Your medical information is private, or is it?

Your medical information is not private.  You sell it without realizing it.  Have I got your attention?

Ever look at your office bill or EOB (explanation of benefits)?  On your bill are coded numbers (CPT and ICD9).  Those numbers tell your insurance company or Medicare exactly what you have and exactly what I did.  In order to have your medical bills covered by your insurer or government, you authorize the release of all of your most personal information to them.  They not only get the bill with all of its coding, they have the right to look through your chart and any other charts in any other docs’ office at anytime!  You sell your privacy for the cost of your care (or whatever is covered).   Is it really worth it?  What is the cost of privacy?  Is privacy valuable to you?

Can your loss of privacy hurt you?  Do you really want some faceless clerk in some insurance company’s cubicle reading about that piercing you got while you were drunk?  I don’t think so.

I think privacy is one of the most valuable assets you can have.  I believe in the sanctity of the doctor-patient relationship and that what you tell me should be held in the strictest confidence.  How else are you supposed to be able to tell me truths that are embarrassing or worse?

Now that you know the medical world’s dirty secret, the secret that has been right in front of your face all these years, it’s time to answer the question, “What’s your privacy worth to you?”

Stewart Segal is a family physician who blogs at Livewellthy.org.

Submit a guest post and be heard on social media’s leading physician voice.

Comments are moderated before they are published. Please read the comment policy.

  • http://twitter.com/Cascadia Sherry Reynolds

    Kevin in order for people to feel like they are participating in a current conversation it would really help if you included the publish date on the guest blog posts.

  • http://www.facebook.com/people/Terence-Ivfmd-Lee/1523282856 Terence Ivfmd Lee

    Here’s something a bit unexpected maybe.  Twice this year, I was asked by patients if my office used EMR. Why? The patients stated they preferred their clinical information remain only on paper charts because they were concerned about their privacy. Now granted, the area of fertility treatment has many privacy implications that are unique to our field, but still, shouldn’t everybody have the right to privacy for their medical information regardless of the specialty?

    • Anonymous

      While some treatments for infertility are covered (the early simple drug treatments) by insurance, aren’t many of them still not covered? I wouldn’t see the need for sharing the information that isn’t covered with the insurance company. I am not sure how that works and was wondering. 

      • http://www.facebook.com/people/Terence-Ivfmd-Lee/1523282856 Terence Ivfmd Lee

        Yes, you are correct in that most of the time, my patients don’t use insurance for their treatment. When it comes to privacy of traditional paper charts vs privacy of electronic records, the patients mindset went something like this. My information in safe in PAPER CHARTS, unless somebody physically breaks into the doctor’s office, pries open the locked cabinet and steals the chart. Unlikely. My information is safe in ELECTRONIC RECORDS unless somebody hacks into the system. Unlikely. Both scenarios are highly unlikely, but the conclusions is that most patients fear the latter unlikely scenario more than they fear the former unlikely sceario.

  • Anonymous

    Even without the insurance company, your private medical information is between your doctor, the nurse, the medical assistant, the receptionist, the phlebotomist, a variety of technicians, the NP or PA because your doctor doesn’t have time to see you.

  • Brian

    Are “Free” EMRs really free?  Here is a direct copy and paste from Practice Fusion’s privacy policy (https://www.practicefusion.com/pages/privacy-policy.html):

    “We have the right to remove personal identifiers from your personal
    information, so that it cannot reasonably be used to identify you. In
    the User Agreement, you transfer and assign to us all right, title and
    interest in and to all such de-identified personal information, and you
    agree that we may use, disclose, market, license and sell such
    de-Identified personal information for any purpose without restriction,
    and that you have no interest in such de-identified personal
    information, or in the proceeds of any sale, license, or other
    commercialization thereof.”

    • http://www.facebook.com/people/Terence-Ivfmd-Lee/1523282856 Terence Ivfmd Lee

      We were/are in the process of evaluating PracticeFusion. Thanks for the warning!

    • http://twitter.com/PFPressCenter Emily Peters

      Hi Brian – You can read more about the public health research conducted through Practice Fusion’s Research Division online here – http://www.practicefusion.com/research . We team with universities and groups like Tableau to use strictly de-identified information to track disease outbreaks, adverse drug reactions and health trends.  I’m happy to answer any questions you have. Just email me at emily@practicefusion.com

  • http://twitter.com/livewellthy Stewart Segal

    While privacy should be priority number one, the sharing of information among the members of your medical team, is crucial.  In my practice, specific “rights” to information are assigned to each office member.  Information access is on a need to know basis.  The same holds true regarding the sharing of information with the consultants involved in a patient’s case.
    One of the best features of the electronic medical record is the ability to “lock” parts of your chart and restrict access.  Paper records offer no such protection.

  • http://twitter.com/livewellthy Stewart Segal

    While privacy should be priority number one, the sharing of information among the members of your medical team, is crucial.  In my practice, specific “rights” to information are assigned to each office member.  Information access is on a need to know basis.  The same holds true regarding the sharing of information with the consultants involved in a patient’s case.
    One of the best features of the electronic medical record is the ability to “lock” parts of your chart and restrict access.  Paper records offer no such protection.

  • Anonymous

    Sharing information among members of your medical team is fine.  Sharing it with insurance companies who can then refuse you treatment because they now can say you have a pre-existing condition when you go back next year when the problem flares up again is just ridiculous.  The pet insurance companies do this all the time. Health insurance is becoming a racket just like homeowners and auto insurance.  You pay for it but you get penalized for using it. 

  • Anonymous

    Oh, for heaven’s sake, doesn’t anyone read their HIPAA and privacy agreements? I do, and every one of them clearly states that information necessary to pay the bill will be sent to your health insurance company! And paper records won’t stop that, either, because your insurance company won’t pay without documentation, so it has to be either scanned in and sent, faxed, or mailed.

    If you “sell it without realizing it,” then you haven’t read either your insurance agreement or your privacy agreements with the doctor. For shame!!

    If you don’t want that to happen, then drop coverage and pay for your healthcare yourself! Just don’t make the government do it, they will want your records, too.

  • Anonymous

    If you expect your insurance company to pay for your treatment, the provider has to tell the payor what was done, the codes are universal not for US information.  HIPPA law forbids the release of any information to any source including the family without permission of the patient, or patient guardian.   

    “As part of the Administrative Simplification provisions, the HIPPA Privacy Rule protects individually identifiable health information.  Health information is information about a patient’s past, present or future physical or mental health or payment for health care.  If this information can be used to find out the person’s identification it is referred to as ‘protected health information.”

  • http://twitter.com/lsimovic lsimovic

    Kevin is right. 

  • http://twitter.com/lsimovic lsimovic

    I used to work for a company that purchased exactly this type of data.  Yes, we did know exactly what CPT codes and ICD9 codes were used on every insurance claim for each patient.  What we did not have however was who those patients were. We only had a simple identifier.  This data was used for creating targeting data sets that were sold to Pharmaceuticals so that they Pharma Sales Reps could detail the hospital based physicians better.  Your information is sold, however only the activity, the personal information: i.e. who you are, was protected.  Hopefully that sheds some light.

  • http://www.facebook.com/Worldpeaz Ruthie Benjamin

    I’m an older and very poor medical transcriptionist.  For anyone who doesn’t know what an MT does, we transcribe what health care providers dictate and upload it to the hospital as a medical report.  My job also involves making sure the correct patient is matched to the dictation by the demographics (patient information).  These jobs have been being outsourced to other countries within the past 10 years.  What used to be a lucrative career has turned to slave labor.  I do wonder if HIPPA extends abroad.