The Security of Your medical records

Your medical records weren't secure when they were paper; and they are even less so in electronic form. Any shred of privacy disappeared with HIPAA (1996, 2002). I've lost count of the number of times I've sat waiting in an exam room of a specialty clinic with the previous patient's information (including SS#) on the screen, or the name of the customer on the clip board with the number of the prescription at the pharmacy pick-up counter window. Read the small print in those privacy notices--it simply tells you who will see it--and that usually includes just about everyone you don't already know. "The HIPAA Privacy Rule allows a covered health care provider to use or disclose protected health information (other than psychotherapy notes), including family history information, for treatment, payment, and health care operation purposes without obtaining the individual’s written authorization or other agreement." (FAQ, HHS.gov)

President Obama said in his 2009 speech that electronic records for all, "will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests [and] save lives by reducing the deadly but preventable medical errors that pervade our health-care system."

Nice for them. Not so nice for us, says this psychiatrist. And if you've read up on medical errors, you see that a simple 2 minute check list, if followed, can reduce many of them. She suspects (and she's been treating people for 35 years) that once patients understand that a vast audience beyond their doctor can see this at the touch of a keystroke, they'll be less forthright and honest about what to put in the record. Consent, she says, must be built into the electronic records system. Patients should be able to decide who sees their records.

"A 2009 poll conducted for National Public Radio, the Kaiser Family Foundation and the Harvard School of Public Health asked if people were confident their medical records would remain confidential if they were stored electronically and could be shared online. Fifty nine percent responded they were not confident."

Sounds good, but I think that genie popped out of the bottle years ago. Even in the 80s before any of this was possible I read stories of the information that insurance companies kept in databases, and how they traded that information with other companies, therefore a missed DUI or a "forgotten" treatment for depression somehow managed to catch up even after the life or health policy was approved. A "Do not Disclose" request doesn't mean no one sees it. And for those who think having the government in charge of this information means everything will be fair, just, and work on your behalf, I give you the new IRS agents who will be in charge of seeing that it all works on the government's behalf.

Deborah Peel: Your Medical Records Aren't Secure - WSJ.com