How Private Is Your Medical Information?

Your personal health information may be kept in a virtual vault, but you may be surprised how many entities know the combination.
Your personal health information may be kept in a virtual vault, but you may be surprised how many entities know the combination.
Just about every American has encountered the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law requires establishment of national standards for electronic healthcare transactions and identifiers to be used by healthcare providers, insurers, and employers. HIPAA also regulates use and disclosure of Protected Health Information (PHI) by insurers, medical service providers, healthcare clearinghouses, and others entities.

PHI is information concerning your medical record and payment history and can be disclosed to facilitate treatment or payment without the patient’s express written authorization. However, entities subject to HIPAA must make a reasonable effort to disclose only the minimum information necessary for its purposes.

Why Medical Matters Are Rarely Strictly Between Doctor and Patient

People think of their medical information as being strictly between themselves and their doctor, but this is not the case. The main reason medical information is shared is third-party payment systems like health insurers, Medicare, and Medicaid. Whenever a third party is involved, medical information must be shared so that the third party can evaluate and pay (or deny) claims.

Aggregated medical information, which is supposed to be stripped of all identifying information, is also used by researchers and government entities like the CDC and National Institutes of Health for research and epidemiology studies. Aggregated information is also sold for marketing purposes to pharmaceutical companies.

How Medical Information Breaches Occur

Information breaches that expose patients’ confidential medical information usually involve sloppy security practices or criminal activity. For example, in 2011, an employee of Massachusetts General Hospital left a stack of records containing the protected health information of nearly 200 patients on the subway. The hospital was fined $1 million, but nobody knows what happened to the records that were lost.

Employee loss of a mobile device, flash drive, or paper records is a common way medical information is breached. Criminals occasionally appeal to the economic situations of low-paid healthcare workers by paying handsomely for medical records and insurance claim forms. This information may be re-sold, or used for medical identity theft as a means of obtaining medical care for people who don’t have health insurance.

When You Don’t Want Something to Be Part of Your Medical Records

Suppose you have a sensitive medical concern that you don’t want to become part of your medical records. The best way to maximize your confidentiality is to see a different physician from the one you normally see and pay for the visit yourself, without providing any insurance information.

You can ask your regular physician to keep a visit “off the record” if you pay for it yourself, but in a busy medical practice, it’s easy for the special requests like these to be overlooked. In other words, if the insurance specialist normally files for you after a visit, he or she may not notice a note in your record saying not to file insurance after a particular visit.

How Do Online Medical Facilitators Safeguard Your Medical Privacy

Many people turn to online medical facilitators for healthcare concerns that they don’t want to become part of their medical record. These facilitators do not file insurance, so records are closed off to the rest of the healthcare system. That said, it’s critical that you thoroughly check out the medical and online privacy statements of any online medical facilitator and confirm that your information is protected before proceeding.

Any online medical facilitator you consider using should be HIPAA compliant, and should have physical, electronic, and procedural protocols to thoroughly safeguard information collected about you. Furthermore, the site should meet the highest standards of e-commerce security, including Secure Socket Layer (SSL) technology on any page where you provide personal information. Personal information should be encrypted so that it can be transmitted safely and securely.

If you are interested in obtaining prescription lifestyle medications but do not want to risk your personal information being included in your medical history or your insurer’s database, consider using a trusted online facilitator like The information used by this facilitator is separate and apart from your normal medical information, and the site is both HIPAA compliant and committed to the latest in e-commerce security measures.

Your health information is personal, and if you want to ensure that it remains as confidential as possible, you need to take steps to keep particularly sensitive information out of the third-party reimbursement chain. allows you to do that.

Photo Credits: cooldesign /, Danilo Rizzuti /, Salvatore Vuono /

Leave a Reply

Generic Viagra, Cialis or Propecia