Warning: Your doctor can’t protect your privacy or your medical records

There is a growing concern by Americans that their personal and private information is being collected and shared without their knowledge and consent.

For example, in Florida teachers, parents, administrators and students are voicing concern over the data mining component of Common Core, which will give access to every public school students’ private information to those outside the classroom or school house. WDW – FL reported recently on how the iBloom website was compromised in New York, allowing hackers to post public school students’ medical information and grades on the internet.

Recent scandals about government spying on individuals pales in comparison to the revelation that HealthCare.gov was recently hacked. Cyber security experts are warning about efforts by foreign governments, such as Russia and China, to compromise medical databases. But this is just the tip of the iceberg according to Florida doctors.

As health records are digitized they become more sharable and more vulnerable to privacy violations.

The more individual information is placed on large centralized databases the more that information may be accessed, without the knowledge and consent of  the individual. Doctors in Florida are raising privacy concerns as they fully implement the “electronic health record” (EHR) mandate for their patient’s records. Doctors worry about their loss of control over their patients’ records and their ability to limit those who access them. They worry about the growing the risks and liability of a privacy violation.

The US Department of Health and Human Services website states, “With the passage of the American Recovery and Reinvestment Act (ARRA), an environment has been created that requires the adoption of Electronic Medical Records (EMRs) by 2014 for seventy percent of the primary care provider population.” See an overview of the Recovery Act.

HHS warns, “ARRA authorizes the Centers for Medicare & Medicaid Services (CMS) to provide a reimbursement incentive for physician and hospital providers who are successful in becoming ‘meaningful users’ of an electronic health record (EHR). These incentive payments begin in 2011 and gradually phase down. Starting in 2015, providers are expected to have adopted and be actively utilizing an EHR in compliance with the ‘meaningful use’ definition or they will be subject to financial penalties under Medicare.”

Florida’s doctors are scrambling to implement the AARA mandate, at the risk of violating the HIPPA mandate.

Doctors can no longer guarantee that a patients medical records are safe and secure from prying eyes. Yet, Florida’s doctors according to the Health Insurance Portability and Accountability Act (HIPAA) must, “[R]equire that healthcare providers (Covered Entities) and Business Associates apply appropriate administrative, technical, and physical safeguards to ensure the privacy of Protected Health Information (PHI). Additionally, the HITECH Act requires that they implement policies, procedures and technical controls to ensure the confidentiality, integrity and availability of electronic PHI data. The Act also tightened breach notification requirements, increased financial liability amounts and established that covered entities are liable for their business associates.” The doctor does not have total control of the patient record, but the doctor is liable for a breach, according to the law.

This is a medical Catch-22. Doctors no longer control their patients privacy but are required by law to protect their patient’s records.

This reminds us of the Capital One credit card commercial that asks: What’s in your wallet? Florida doctors are now asking: Who’s in my medical records?

---