As a patient at our pharmacy, your health is our priority. Another priority of ours? The privacy and security of our patients’ health information.
The Importance of Health Information Safety
Keeping personal information secure is no longer as simple as keeping your files in a lock box. With technology being a go-to way to store and access information, it is easier than ever before for your data to be stolen, leaked, and misused. This can lead to negative consequences like:
· Medical identity theft. Identity thieves can try to use your personal and/or insurance information to get things like medical treatments, prescription drugs, or surgery.¹
· Job discrimination. Employers having access to health information can influence hiring and firing decisions.¹
· Legal disputes. Some health information can affect the outcome of a legal dispute.¹
· Victim targeting. Certain types of patients can be targeted by scammers based on their medical diagnosis.¹
Because of these potential consequences, our government put in place the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This includes Privacy and Security Rules to protect individually identifiable health information. Entities subject to the Privacy Rule include:
· Healthcare providers. Every healthcare provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions.²
· Health plans. Including health, dental, vision, and prescription drug insurers.²
· Healthcare clearinghouses. An institution that electronically transmits different types of medical claims data to insurance carriers.²
· Business associates: Organizations using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity.²
It is important to note that not all organizations are covered by HIPAA. For example, when you store health information in a mobile app, on a mobile device, or in a personal health record that is not offered through a healthcare provider or plan, your health information is not protected by HIPAA.³ This can look like wearable technology like FitBit or Apple Watch and Health apps like Noom.
What Health Information is Protected by HIPAA?
The HIPAA Privacy Rule protects your health information by placing some limits on how it may be used and shared. Individually identifiable health information is protected by the HIPAA Privacy Rule. This is information that relates to your past, present, or future physical or mental health or condition; to the provision of health care to you; or to past, present, or future payment for the provision of health care to you.⁴ This also includes information that identifies you or for which there is a reasonable basis to believe it can be used to identify you. Examples of individually identifiable health information include:
Information your doctors, nurses, and other health care providers put in your medical record⁴
Conversations your doctor has about your care or treatment with nurses and others⁴
Information about you in your health insurer's computer system⁴
Billing information about you at your clinic⁴
Information used by companies or individuals that provide data, billing, or other services to doctors, hospitals, health insurers, and other healthcare care organizations.⁴
Protect Your Health Information: Dos and Don’ts
While HIPAA exists to protect health information held by health care providers, health insurers, and more, it is important to take precautions to protect the health information that you control.
DO secure your information with passwords. Use a strong password and update it often. A strong password should be at least sixteen characters, random, and unique from other account passwords.⁵
DON’T post health information online. Never post anything online that you do not want to be made public and never assume that an online public platform is private or secure. Information posted online is permanent.
DO use multi-factor authentication. Passwords can be vulnerable to hackers, so further protect your accounts by setting up multi-factor authentication. Common methods of authentication include a one-time passcode sent via text message, email, or authenticator app, security questions, face ID, and more.⁶
DON’T give your personal information to unverified callers. There are identity thieves who try to use personal health information to receive medical treatment, prescription drugs, and more. Verify the legitimacy of the caller before sharing your information.⁷
DO avoid using public wi-fi networks. Most free public wi-fi networks lack security measures, meaning, others using the same network could easily access your online activity. Avoid using public networks when accessing personal information or entering payment information.
DON’T fall for phishing attempts. Never click on unfamiliar links sent via email or text. Clicking on phishing links can result in your device being infected with malware and make your information vulnerable.
DO shred paper documents that contain personal health information. Shredding not only frees up space and helps the environment, it can also prevent unwanted parties from getting a look at your personal information.
DON’T use apps and websites without doing research. Use known and reputable apps and websites, especially those that involve sharing personal information. Read the terms of service and privacy notice to verify that the app/website will only perform the functions you approve.⁷
Privacy and security of our patients’ health information is a top priority. If you believe your information was used or shared in a way that is not allowed under the HIPAA Rules, or if you were not able to exercise your rights, you can file a complaint with the U.S. Department of Health and Human Services (HHS) or your State's Attorneys General Office.