
Your health information has been hacked. What now?


Your health data is exceptionally valuable – and exceptionally vulnerable.

This has become clear from a series of recent breaches that exposed sensitive medical information, including a hack at the genetic testing company 23andMe; a ransomware attack in November that affected emergency rooms and delayed medical procedures in hospitals in several states; and a cyberattack on a medical transcription company that stole the health data of nine million people.

Such major breaches are becoming increasingly common: in the first ten months of this year alone, more than 88 million individuals, a quarter of Americans, had their medical records made public, according to the Department of Health and Human Services. And that number doesn’t include cases involving companies that may have access to your health data but aren’t covered by the patient privacy law known as HIPAA, which requires breaches to be reported to the federal government.

For people whose information has been leaked, a breach could violate patients’ privacy and put them at risk of identity theft, insurance fraud or discrimination if, for example, their treatment for a stigmatized condition such as addiction or AIDS is made public, said Dr. Eduardo Iturrate, health IT security officer and senior director for enterprise data and analytics at NYU Langone Health.

While a breach can leave you feeling helpless, there are steps experts recommend you take.

Hospitals and healthcare companies often store some of our most intimate data: medical diagnoses, treatment history, financial information, and in some cases, your Social Security number. If your information has been leaked, the first thing you need to do is find out exactly what was revealed.

In the case of 23andMe, which is not covered by HIPAA, the company said hackers may have accessed ancestry data, “health-related information based on the user’s genetics,” and other personal information including display names and uploaded photos. The company said it is notifying those affected, but gave no time frame.

Organizations covered by HIPAA – including hospitals, health insurers, and service providers such as companies that create software used by healthcare systems – must notify patients within 60 days if their protected health information has been compromised. They are required to tell patients what steps they can take to protect themselves from potential harm and to share plans to reduce further safety risks, says Jacqueline Seitz, associate director of health privacy at the Legal Action Center, a nonprofit organization that advocates on legal issues of health equity.

Look for signs that someone is using your medical information, such as bills for medical care you didn’t receive, errors in the explanation of benefits statement from your insurer, or a message saying you’ve reached your benefit limit.

Use a credit monitoring service to keep an eye on your credit cards and credit score, and depending on what information has been exposed, consider placing a fraud alert on your accounts or freezing them. Also keep an eye on financial accounts related to your health care, such as a health savings account, in case a hacker tries to withdraw funds.

Report any unauthorized charges or incorrect medical bills in writing. If you find an error in a bill or record, send your health insurer and health care provider a copy of your accurate medical records and explain why the information is incorrect. If you are on Medicaid or Medicare, you can also report fraud to the HHS Office of Inspector General.

These steps may be time consuming, but they are important to your future care. False information in your file can lead to medical errors.

Unfortunately, it can be virtually impossible to fully regain control of your information. “Once data is given to someone else and you don’t know what they do with it, there’s no way to get it back,” said Dr. Iturrate.

Still, experts say there are steps you can take to limit any damage and keep your data more secure in the future. Dr. Iturrate advised people to immediately update their passwords for any account that could be affected, such as a patient portal, and enable two-factor authentication if possible. Choose strong, unique passwords for each account and consider using a password manager.

Whether you use a genetic testing site, download a wellness app or visit a doctor’s office, you should also think carefully about the medical information you share, Ms. Seitz said.

“I encourage people to ask, ‘Do you really need my complete medical record? Do you have to give me a screening questionnaire about every time I’ve used drugs?’” she said. “That is sensitive information, and it may not be necessary to be seen by your dermatologist,” she added.

Ms. Seitz acknowledged that most people, including herself, do not read the fine print of privacy agreements on health care websites. But you can still try to compartmentalize your personal data, for example by making sure you opt out of sharing location data or contacts. You can also create special email addresses for different healthcare accounts, or use an app like Permission Slip to ask companies to delete your data.

There is no clear legal path to address most data breaches. People cannot directly sue their providers for a HIPAA violation, Ms. Seitz said. Some states have passed laws to protect certain types of health information, such as whether you have been tested for HIV, whether you have a mental illness, or whether you are seeking addiction treatment. The Genetic Information Nondiscrimination Act, known as GINA, also provides some protection against discrimination based on genetic information, but experts say it has notable loopholes. For example, if you have tested positive for the BRCA1 breast cancer gene, GINA does not prevent mortgage lenders or life or disability insurers from using that information against you.

“Even if you can find a law under which you can file a lawsuit, winning a privacy case can be challenging,” Ms. Seitz said. “Different courts have completely different perspectives on proving damages.”

The recent breaches highlight why it is important to be vigilant and proactive in protecting your health information. But the responsibility shouldn’t fall solely on the consumer, says Anthony Vance, professor of business information technology and fellow of the Commonwealth Cyber Initiative at Virginia Tech.

“You can post your information once and you’re done,” he said. “But companies that hold that data must protect it forever, and they need more incentives and better regulation.”
