Our medical data is some of the most personal information that we entrust to third parties. Our medical records are sacred and their privacy is paramount. Which is why we have federal laws protecting the privacy of our medical records and requiring hospitals, clinics, and other health care providers to report hacked, lost, or otherwise exposed medical records. And those reports aren't good.
Since 2009, the U.S. Department of Health and Human Services has identified 1,634 breaches of patient medical information, and those are just the cases affecting 500 or more individuals. There could be thousands more medical data breaches (intentional and unintentional), possibly affecting your personal medical information.
Health Care Hackers
Malicious hackers exposed nearly 100 million medical records in 2015 alone. Health insurers BlueCross BlueShield and Anthem were both hacked, exposing the personal information of 21 and 78 million people, respectively. While the hack was probably targeting social security numbers, addresses, and phone numbers for identity theft purposes, the fact that the information was stored alongside personal medical records had many fearing that even more sensitive data could've been accessed.
As bad as hackers can be, there were twice as many medical information breaches attributable to theft, loss, or incompetence. As reported by Vocativ, these incidents included everything from cleaning crews accidentally throwing binders of testing information to clinics donating filing cabinets to charity without first removing "laptops that contained the names, social security numbers, and Medicare numbers of about 12,000 customers." In one case, a hospital employee misplaced a laptop containing the medical records of some 5,840 patients. The best investigators could do was guess that the employee left it on the fender of his car and drove away.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the confidentiality of your medical records and establishes federal rules that medical care providers must follow to protect the security of your medical information. If you suspect your medical privacy has been compromised, you can file a complaint with the Department of Health and Human Services, and you may also want to consult an experienced health care attorney about your legal options.