How to Protect Your Health Information

Over the past several decades, more and more health information has been entered and stored in computer systems and transmitted over the internet. While this has the potential to dramatically facilitate communication between health care professionals and improve the quality of care for patients, the increasing digitalization of our health records could pose a risk to our privacy. Make sure you know who has your health information and how to best protect it.

The main law protecting patients’ health information is called HIPAA, which stands for the Health Insurance Portability and Accountability Act. HIPAA protects the confidentiality of any individually identifiable health information. It applies to all health care providers and hospitals, health care clearinghouses that provide physician and hospital billing services, and health insurance plans.

HIPAA applies to any files, voicemails, emails, faxes or verbal communications that could be traced back to an individual patient using a demographic marker. This information is called “protected health information,” or PHI. PHI includes names, birthdates, dates of medical treatment, dates of death, telephone numbers, addresses, fax numbers, social security numbers, medical record numbers, photographs and fingerprints.

However, it’s important to note that HIPAA doesn’t cover any health information that you control. If you have any personal health data on your personal computer or device, or if you send emails about it or write about it on online message boards, that information is not protected by HIPAA. That’s why it’s incredibly important that you never post anything online or send information in an email that you wouldn’t want to be made public.

What can you do to make sure that your health information stays as private as you want it to be? Here are some simple tips:

  • Make sure you have passwords protecting any computer or file where you store health information. Avoid downloading or printing private information on public computers when possible, and if you must, make sure it is deleted afterwards.
  • Verify who you’re sending your information to. Double-check that the address or fax number that you’re sending things to actually belongs to the person you intend to contact. If your pharmacy is sending requests for refills or other health information to your doctor, make sure they have the correct number. This can help make sure that people cannot steal your identity in order to get treatment, medications or procedures.
  • Don’t just toss out medical documents you no longer need – shred them. Safeguard the rest of your personal documents in a locked, safe place.
  • If you use any online websites to store your health information, check the privacy policy and make sure they have a strong security system in place.

If you feel that your health information has been exposed in violation of HIPAA, you can file a complaint with your provider or health insurance company, the U.S. Department of Health and Human Services Office for Civil Rights, or your state attorney general’s office. The notice of privacy practices you received when you started seeing your provider should also detail how to file a complaint.