Skip to content

Health Care Reform:

Health Insurance & Affordable Care Act

Are Your Medical Records Vulnerable To Theft?


Standard email isn't secure enough to meet the standards of America's umbrella medical privacy law, known as HIPAA. That's why many doctors don't communicate with patients via email, and continue to send prescriptions and referrals via fax.

Some electronic records systems offer secure “patient portals” that allow patients and doctors to communicate electronically. More doctors and hospitals will have to start offering this service if they want to qualify for the maximum amount of stimulus act payments for going digital. But not all insurance companies will pay doctors for the time they spend communicating electronically, so many require patients to schedule an office visit instead.

How secure are my electronic medical records?

As more doctors and hospitals go digital with medical records, the size and frequency of data breaches are alarming privacy advocates and public health officials. Although health care providers face serious penalties if they allow patients' electronic records to be breached, thieves also have tremendous incentives to get around protections because health records contain so much valuable information.

Privacy experts argue the health industry has been slow to respond to such incidents by adopting the encryption techniques used for years by financial companies.

In the recent breach of Community Health System, a hospital chain based in Franklin, Tenn., Chinese hackers bypassed the hospitals’ security systems and stole personal data, including names, Social Security numbers and addresses of 4.5 million patients. Community Health said it would offer identity theft protection to affected patients and carried cyber insurance to mitigate some of its losses.

This video from the federal Health and Human Services department's Office of Civil Rights explains some of the protections currently in place, as does as this fact sheet. The Federal Trade Commission offers this advice on preventing identity theft and protecting digital personal information.

Can emergency room doctors call up my electronic medical records if I'm in an accident and unable to give them basic information?

Probably not.  A major criticism of electronic medical records in America is that the companies that make them have financial incentives to keep them from being easily shared. It's kind of like Windows versus Mac operating systems. Many companies are trying to win market share by creating software that doesn't “talk” to that made by other companies, so if a big hospital uses software from company X, then all the doctors that work with that hospital will have an incentive to buy that software, too.

If you're unconscious and an ambulance takes you to a hospital you've been to before, they can probably call up their records for you if you're carrying some kind of identification. But they may not be able to access pertinent information stored on other doctors or hospitals' computers.

Wed, Aug 20 2014

Your Costs

See insurance premium
costs and financial aid.

Start Here

Health Insurance

Find a plan that's right
for you.

Start Here

Your State's Insurance Marketplace

Get informed about plans, benefits and costs.

From WebMD
Loading …
URAC: Accredited Health Web Site TRUSTe online privacy certification HONcode Seal AdChoices