The Ethics of Patient Privacy: An Update

If you step into an elevator and overhear two healthcare professionals discussing confidential patient information, you would quickly know that a patient’s privacy had been breached. However, in today’s healthcare climate of electronic data and other highly technologically savvy health information management practices, determining if a breach has occurred can sometimes be a bit tricky. Not only can you not always tell if your information was leaked, but you also have to trust that those in charge at your doctor’s office, hospital, and other healthcare facilities will do the right thing and report any errors as soon as they happen.

As a health consumer, you need to be concerned about the information your providers store, along with all of the health-related data that you probably generate yourself. Each time you download your wearable fitness tracker or enter information into a health app, you’re putting information about yourself out into cyberspace that could get into the hands of the wrong people. Some people are even willing to share their personal health information with researchers and companies who create and sell wearable technology.

Wearable tech is an excellent way for patients who have chronic illnesses like diabetes to track symptoms and can also help achieve goals like weight loss. Combined across hundreds of thousands of people, this information can be used to track trends in health-related decisions, forming what’s called big data. All of this information is useful to researchers. However, this type of data comes with security threats because hackers can gain access to personal data like your emails, the routes you travel each day, and even which ATMs you use regularly.

While this might feel a bit scary, it’s essential that you know how to keep your information safe and what responsibilities lie squarely on your provider’s shoulders.


Patient Privacy 101

Before we go too far, it’s critical that you have a thorough understanding of patient privacy and security. Your privacy should be a top priority for you and your care providers, but it must also be viewed as a critical part of a healthcare administrator’s role. These professionals aren’t responsible for your physical care, but their job is just as essential to patient privacy. They’re responsible for maintaining the confidentiality of your health and financial records and should respond promptly to any concerns or complaints you have.

State and federal governments also play a vital role in confidentiality. In 1996, the Health Insurance Portability and Accountability Act, also known as HIPAA, was passed by Congress. This law protects your health information from being given to people or companies without your consent and also provides you with specific rights to your own data. HIPAA applies to electronic, written, and verbal information. It also provides a framework in which your data must be protected through physical, technical, and administrative safeguards. Your state may also have rules about healthcare information that your providers must follow.


How Your Information is Protected

Because health information technology has become a complex and sophisticated endeavor, care providers are held to strict standards when it comes to health records. Here are a few ways your providers must comply.

Proper Use and Disclosure

HIPAA allows doctors to share your healthcare information with other providers so that you can receive the best care and most accurate diagnoses. It also offers provisions to share your information with your health insurance company so that bills can be paid. These are both essential data touchpoints, but every time your data is transmitted electronically, there is a risk for a breach. Your providers and health plans must follow HIPAA in terms of uses and disclosures, meaning that they can’t sell or give your information away without your permission unless it’s for treatment, payment, or healthcare operations. They are required to follow the privacy rule and any additional requests you authorize in writing.

De-identifying and Cybersecurity

Health information management (HIM) professionals play an integral role in protecting your data. They manage the flow of information in and out of the facility and ensure that sensitive information is de-identified before being sent. HIM professionals also protect your data from outside threats in the form of cyberattacks, which cost the industry about $5.6 billion each year.

These attacks come in many forms, like malware, ransomware, and phishing attacks. Hackers are sophisticated and know how to penetrate electronic systems at their weakest point: the people who use them. HIM professionals must work to protect data by educating workers to recognize cyberattacks and respond to them correctly. They also work strategically and proactively to influence best practices and laws to keep health-related information safe today and in the future.


How to Protect Your Health Information

All of this talk about privacy might have you wondering if there are any strategies you can take to protect your health information from landing in the wrong hands. Here are a few ways to keep your data safe:

Think Before You Share

While many people are comfortable sharing information, it’s critical to know that some entities aren’t covered by HIPAA. This means that nothing is keeping them from sharing your health-related data with others, or even selling it. Wearable technology is a gray area when it comes to being covered by privacy laws. An excellent rule to follow to keep your data safe is never to share information online that you don’t want made public.

Verify the Source

Scams are everywhere. So, before you give your Social Security number or other private information to anyone over the phone or computer, verify who they are and why they need these details. You also need to make sure they are a covered entity under HIPAA before you provide any information. It’s also a good idea to shred any old documents like insurance forms or physician’s statements to keep you safe.

Set up Your Own Protection

It’s hard never to share information online. However, you must be sure to set up passwords for any sites that store your health details. Be sure to change your password frequently, never use the same one twice, and create a password that isn’t easy to guess.

Keeping You Safe

You probably go to your doctor with full faith that they can give you a diagnosis and treatment to keep you well. But, it’s crucial to remember that one visit can generate electronic information that can put your personal and financial history and future in jeopardy. You must know your rights and responsibilities and take an active role in keeping your data safe.


Adrian Johansen writes in the health and wellness fields, trying to combat the spread of misinformation and pseudoscience. You can find more of her writing at Contently or on Twitter.