Summary

In the contemporary landscape of healthcare and data management, the significance of individuals controlling their own medical data cannot be overstated. The complexity of the U.S. healthcare system, coupled with the nuances of HIPAA (Health Insurance Portability and Accountability Act) regulations, presents a challenging environment for safeguarding personal health information. The article elucidates the fundamental distinctions between privacy and confidentiality within the context of healthcare, underscoring the constitutional protections and ethical considerations that govern the handling of personal medical records. It highlights the criticality of the Patient's Bill of Rights in empowering patients within the healthcare system, emphasizing rights to information, privacy, and recourse in case of grievances.

Moreover, the discussion extends to the intricate dynamics of medical data commercialization, where entities like IMS Health navigate the peripheries of HIPAA regulations to trade anonymized medical data, thereby raising substantial privacy concerns. The article also delves into the specific challenges faced by veterans in accessing and managing their health records, revealing systemic issues in record-keeping and accessibility.

The commercial and legal frameworks surrounding medical data, including the alarming monetization of such data on the black market and the procedures for transferring medical records between providers, are meticulously examined. Additionally, the narrative addresses the overarching implications of HIPAA, detailing its privacy rules, the types of information protected, and the conditions under which medical information may be disclosed.

In conclusion, this article advocates for a heightened awareness and proactive management of one's medical data, reflecting on the myriad challenges posed by regulatory loopholes, the potential for data breaches, and the ethical dilemmas inherent in the commercialization of health information. It underscores the paramount importance of privacy, autonomy, and informed consent in the digital age, urging individuals to exercise their rights and responsibilities in the management of their personal health information.

Intro to the Patient’s Bill of Rights

Basic Constitutional Rights

4th Amendment - Privacy of the person and possessions as against unreasonable searches.

5th Amendment - privilege against self-incrimination, which provides protection for the privacy of personal information.

9th Amendment - "enumeration of certain rights" in the Bill of Rights "shall not be construed to deny or disparage other rights retained by the people."

Assures that the health care system is fair and it works to meet patients' needs.

Gives patients a way to address any problems they may have.

Encourages patients to take an active role in staying or getting healthy.

The Eight Key Areas of the Patient's Bill of Rights

Note: the following are rights that we already have:

Information for patients

Choice of providers and plans (if you can afford it)

Access to emergency services

Taking part in treatment decisions

Respect and non-discrimination

Confidentiality (privacy) of health information:
You have the right to talk privately with health care providers and to have your health care information protected. You also have the right to read and copy your own medical record. You have the right to ask that your doctor change your record if it is not correct, relevant, or complete.

Complaints and appeals

Consumer responsibilities

The Patient's Bill of Rights was created to try to reach three major goals:

To help patients feel more confident in the US healthcare system.

To stress the importance of a strong relationship between patients and their health care providers.

To stress the key role patients play in staying healthy by laying out rights and responsibilities for all patients and health care providers.

Confidentiality vs Privacy

What is the difference between privacy and confidentiality?

Confidentiality

• Confidentiality refers to personal information shared with an attorney, physician, therapist, or other individual that generally cannot be divulged to third parties without the express consent of the client.

• Law and ethics state that the doctor-patient interaction should remain confidential. The physician should never reveal confidential information unless the patient wants this information disclosed to others, or unless required to do so by law. If the release of information is warranted, information should be released in the form of an official signed document.

• Confidentiality is subject to certain exceptions because of legal, ethical, and social considerations.

Privacy

• Privacy is a right guaranteed by the United States constitution.

• While confidentiality is an ethical duty, privacy is a right rooted in common law.

Access to Patient’s Records

• Patient confidentiality is enshrined in law – the National Health Act 2003 makes it an offense to disclose patients’ information without their consent, except in certain circumstances.

• The Promotion of Access to Information Act 2000 gives everyone the right of access to records held by public or private bodies, provided it is for legitimate reasons. This includes health records. Either the patient or someone authorized to act on the patient’s behalf can request access.

• The Act says that the request should be refused if the disclosure to “the relevant person might cause serious harm to his or her physical or mental health, or well-being”.

How are veterans' and wounded warriors' medical records kept up to date, and how easy are they to access?

• Health records cover the outpatient, dental and mental health treatment that former members received while in military service. Health records include induction and separation physical examinations, as well as routine medical care (doctor/dental visits, lab tests, etc.) when the patient was not admitted to a hospital.

• In comparison, clinical (hospital inpatient) records were generated when active duty members were actually hospitalized while in the service. Typically, these records are NOT filed with the health records but are generally retired to the NPRC by the facility which created them. Medical records from the Department of Veterans Affairs (VA) are also not included.

• In 2014, the military services discontinued the practice of retiring the records to the Department of Veterans Affairs (VA) and had it dispersed based on the military branch.

• How to request your records: the online eVetRecs system creates a customized order form to request information from your, or your relative's, military personnel records.

• Response time varies, from 10 days all the way up to 6 months for more complicated requests.

Where are veterans' medical records kept:

Medical record exchange internally & Databases

• The dominant player in the medical-data-trading industry is IMS Health, which recorded $2.6 billion in revenue in 2014. The company was taken private in 2010 and relaunched as public in 2014. Since then, it has proved an investor favorite, with shares rising more than 50 percent above its initial price in little more than a year. At such time, IMS was a $9-billion company. Competitors include Symphony Health Solutions and smaller rivals in various countries.

• Nowadays IMS automatically receives petabytes (10^15 bytes or more) of data from the computerized records held by pharmacies, insurance companies and other medical organizations—including federal and many state health departments. Three quarters of all retail pharmacies in the U.S. send some portion of their electronic records to IMS.

• IMS and other data brokers are not restricted by medical privacy rules in the U.S., because their records are designed to be anonymous—containing only year of birth, gender, partial zip code and doctor's name. The Health Insurance Portability and Accountability Act (HIPAA) of 1996, for instance, governs only the transfer of medical information that is tied directly to an individual's identity.

Transferring medical records between doctor offices?

• Under HIPAA, medical providers generally have only 30 days to fulfill a records request. Interesting fact: they are allowed to charge a reasonable fee to cover the costs of copying and mailing the paperwork. These fees vary from provider to provider.

• A link with fees varying by state: https://medicopy.net/who-we-are/blog/guide-of-state-statutes-for-copies-of-medical-records

Lab Work & Patient Access

• Under HIPAA, health care providers have up to 30 days to respond to patient requests for health care records, and freestanding labs will now join imaging centers, physician offices (law added in 2014), hospitals, clinics and other providers in complying with this requirement. Labs, like other providers, may charge patients for the cost of providing records.

• If the offices refuse your request without reasonable explanation, you can file a complaint with the Office of Civil Rights (OCR) at the Department of Health and Human Services.

How much money is made on the black market off of medical records?

HIPAA: The Health Insurance Portability and Accountability Act

What is the primary federal law pertaining to medical information privacy?

The Health Insurance Portability and Accountability Act (HIPAA) is the baseline set of federal regulations governing medical information. It does the following:

a) Creates a structure for how personal health information may be disclosed; and

b) establishes the rights individuals have concerning their health information.

What are the privacy rules of HIPAA?

The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.

Three Major Provisions Covered by HIPAA

  1. Portability

  2. Medicaid Integrity Program/Fraud and Abuse

  3. Administrative Simplification

What information is in medical records?

• Basic demographic data: address, phone number(s), email address, age, gender, and race.

• Full name and account number and sometimes Social Security Number.

• Medical history: diagnoses, treatments, diagnostic test results, and prescriptions, along with known medical conditions, allergies, and drug/alcohol/smoking habits.

• Billing and payment information.

• Information about your immediate family members, including any history of certain diseases, like cancer or diabetes.

Who may have access to your medical info?

• Life insurance

• Car insurance

• Long term disability insurance

• Employers

• Medical Information Bureau

• Pharmacy Benefit Managers

• Government agencies, like Medicare, Medicaid, Social Security Disability, Workers Comp

• State and federal public health department

• Law enforcement and courts

• National security entities

When is medical information not covered by HIPAA?

• When you pay for prescriptions or psychiatric treatment with a credit card.

• School records can contain records of physical exams, behavioral assessments, or treatment for sports injuries.

• Employment records

• There's also the digital sinkhole of information we voluntarily give up via social media, health-related websites and chat groups, or mobile health and fitness apps.

Problems with HIPAA

It is a disclosure regulation law, not a privacy law;

Regulates how your health information may be disclosed, both with and without your consent;

Individual medical information can also be disclosed without your consent for public health reporting, to assist law enforcement, and for judicial and administrative purposes, or to determine your eligibility for benefits and services.

What is considered a breach of HIPAA?

• A breach of protected health information (“PHI”) is defined as the acquisition, access, use, or disclosure of unsecured PHI, in a manner not permitted by HIPAA, which poses a significant risk of financial, reputational, or other harm to the affected individual.

• The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision.

• Healthcare providers can also be at risk for sanctions or loss of license.

10 Common Reasons for HIPAA Violations

  1. Employees disclosing information.

  2. Medical records mishandling.

  3. Lost or Stolen Devices

  4. Texting patient information

  5. Social Media

  6. Employees illegally accessing patient files

  7. Social breaches

  8. Authorization Requirements

  9. Accessing patient information on home computers

  10. Lack of training

The Economic Losses to the Healthcare System

• Hospitals? Doctors? Patients' lawsuits?

• The total amount spent in the US for medical malpractice (including the amount spent by hospitals as well as legal costs) was estimated to be about $10 billion in 2010.

• In 2009 and 2010, more than 3,000 physicians were surveyed. The doctors estimated that about $650-$850 billion/year was spent on defensive medicine.

• The entire combined revenue for all hospitals in the US in 2010 was about $815 billion.

• A new study reveals that the cost of medical malpractice in the US is at about $55.6 billion a year - $45.6 billion of which is spent on defensive medicine practiced by physicians seeking to stay clear of lawsuits.

• The amount comprises 2.4% of the nation’s total health care expenditure.

“To Err Is Human …”

According to a study from researchers at Wolters Kluwer’s Journal of Health Care Finance, preventable medical errors may cost the U.S. economy up to $1 trillion in “lost human potential and contributions.”

Most previous studies say the economic impact of preventable medical errors ranges from $17 billion up to $50 billion annually.

The Cost in Human Lives is Devastating

Up to 98,000 deaths in the U.S. result from preventable medical error. The calculation assumes an average of ten years of life lost for each of the 98,000 and applies a range of $75,000 to $100,000 per year.

How can you access your health information/medical record?

• Know your rights.

• Check your online patient portal.

• Learn how to obtain, review, verify and use your records.

What rights or control do you have over your medical information?

• You must be given a notice of privacy practices (NPP). A provider needs your written authorization to disclose information about STDs, substance abuse treatment, and psychotherapy notes. Written authorization is also necessary for any kind of marketing other than prescription reminders. You can ask for and receive copies of your records and request corrections. If you pay for your own treatment and ask a provider not to disclose the information to an insurer, it can’t be disclosed.

• In addition, medical information can be exposed in a data breach, whether through the negligence of a healthcare provider, the acts of a malicious hacker, or through some other means.

• From 2005-2013, the Privacy Rights Clearinghouse collected reports of 1,118 breaches of medical data that potentially exposed over 29,000,000 sensitive records.

• Policies for sharing health information electronically aren’t settled yet, but the default appears to be that no additional consent is required beyond the assumed HIPAA consent for treatment, payment, and health care operations for putting your medical records into the digital data stream.

Solution #1: Improving Data Collection across the Health Care System - Standardizing Direct Data Collection

• Who: information should always be asked of patients or their caretakers and should never be gathered by observation alone

• When: information should be collected upon admission or patient registration to ensure that appropriate fields are completed when the patient begins treatment, or for plans, when the individual enrolls (as permitted by state law)

• What: Questions about the OMB race and Hispanic ethnicity categories (one- or two-question format permitted); A question about granular ethnicity with locally relevant response categories selected from a national standard set; A question to determine English-language proficiency; A question about language preference needed for effective communication

• Where: data should be stored in a standard format for easy linking to clinical data

• How: patient concerns should be addressed when the information is being obtained, and staff should receive ongoing training and evaluation

Solution #2: Developing organizational metrics

• Proactive planned care.

• Team-based care that includes expanded rooming protocols, standing orders and panel management.

• Sharing of clerical tasks including documentation, order entry and prescription management.

• Verbal communication and shared inbox work.

• Improved team function.

Other Healthcare Challenges

• U.S. Physicians spend 16.66% of their working hours doing administrative work, which includes using the electronic health record (EHR) system. That amounts to 86 minutes nightly.

• Negligent or excessive medical record retention (while the policies vary from state to state, all medical records should be retained indefinitely or, in the alternative, for 10-25 years).

• It costs nearly $250 billion to process 30 billion healthcare transactions each year (15 billion are faxes).

• Referral leakage for a health system can average anywhere from 55-65%

• 1 out of every 3 patients is sent to a specialist each year. 70% of the specialists rate the patient referral information they receive from other providers as fair or poor.

• The average ratio of staff handling paperwork to doctors can be as high as 4.23 FTE

• 86% of mistakes made in the healthcare industry are administrative.

• 3 of every 10 tests are reordered because the results cannot be found.

• Patient charts cannot be found on 30% of visits.

• Providers need to fill out an average of 20,000 forms every year.

• The average organization spends about $20 in labor to file each paper document.

• About 80% of all serious medical errors involve miscommunication during care transitions (to different care settings).

• Missed appointments cost the U.S. healthcare system more than $150 billion a year.

• Approximately one-quarter of U.S. patients reported that the results and records from one provider did not reach another provider in time for their appointment.

• 20% of malpractice claims involve missed or delayed diagnoses due to deficits in handoffs between providers.

• Referral leakage costs American hospital systems over $150 billion a year.

• Only 54% of faxed referrals result in scheduled appointments.

• Roughly 25% of all U.S. hospital spending consists of administrative costs.

• There are more than 7,000 deaths and more than 500,000 preventable injuries from medication errors.

• In 2015, only 59% of U.S. hospitals routinely electronically notified the patient’s PCPs upon emergency room entry.

• From 2014 to 2015, the number of individuals affected by protected health information breaches increased from approximately 1.8 million to approximately 110 million.

• 91% of healthcare practices are using cloud-based services, yet 47% are not confident in their ability to keep data secure due to manual workflow processes.

• 17,000 patient records are breached per day on average.

• Only 41% of U.S. hospitals in 2013 reported that their providers are able to send and receive secure electronic messages with patient health information to and from external sources.

• Almost 70% of individuals report that they were not provided access to their clinical laboratory test results in 2012.

Patient Advocacy Groups and Big Pharma Ties

• The database identifies over 1,200 patient groups. Of those, 594 accepted money from the drugmakers in the database.

• Pharmaceutical companies gave at least $116 million to patient advocacy groups in a single year, reveals a new database logging 12,000 donations from large publicly traded drugmakers to such organizations.

• Six drugmakers, the data show, contributed a million dollars or more to individual groups that represent patients who rely on their drugs.

Patient advocacy vs Lobbying

Patient Advocacy Groups Analysis of Top *15

• Patient Access Network Foundation

• Patient Advocate Foundation Inc.

• Healthwell Foundation

• Conquer Cancer Foundation of the American Society of Clinical Oncology

• American Diabetes Association Inc. (National Office)

• Arthritis Foundation Inc. - Headquarters

• American Heart Association Inc.

• Crohn's & Colitis Foundation Inc.

• AIDS United

• The Assistance Fund Inc.

• American Cancer Society Inc. (National Home Office)

• Cystic Fibrosis Foundation

• Leukemia & Lymphoma Society Inc.

• Melanoma Research Alliance Foundation

• Cardiovascular Research Foundation

Top *15 & Funding Breakdown

Patient Access Network Foundation

• Mission Statement: To help underinsured people with life-threatening, chronic and rare diseases get the medications and treatment they need by paying for their out-of-pocket costs and advocating for improved access and affordability.

• Tracked Donations:
 • Pfizer Inc. $16,870
 • Inc. $14,537,500

Patient Advocate Foundation Inc

Mission Statement: PATIENT ADVOCATE FOUNDATION (PAF) IS A NATIONAL 501 (C)(3) NONPROFIT ORGANIZATION THAT PROVIDES PROFESSIONAL CASE MANAGEMENT AND FINANCIAL AID SERVICES TO AMERICANS WITH CHRONIC, LIFE THREATENING AND DEBILITATING ILLNESSES. PAF CASE MANAGERS SERVE AS ACTIVE LIAISONS BETWEEN THE PATIENT AND THEIR INSURER, EMPLOYER AND/OR CREDITORS TO RESOLVE INSURANCE, JOB RETENTION AND/OR DEBT CRISIS MATTERS AS THEY RELATE TO THEIR DIAGNOSIS. PATIENT ADVOCATE FOUNDATION SEEKS TO SAFEGUARD PATIENTS THROUGH EFFECTIVE MEDIATION ASSURING ACCESS TO CARE, MAINTENANCE OF EMPLOYMENT AND PRESERVATION OF THEIR FINANCIAL STABILITY.

• Tracked Donations:
 • Eli Lilly and Co. $9,500,000      
 • Pfizer Inc. $3,290,000
 • Bristol-Myers Squibb Co. $1,078,440
 • Amgen Inc. $85,000

Healthwell Foundation

• Mission Statement: HELP ELIGIBLE PATIENTS WITH CHRONIC OR LIFE-ALTERING CONDITIONS AFFORD THEIR MEDICAL TREATMENTS.

• Tracked Donations:
 • Bristol-Myers Squibb Co. $6,425,000
 • Merck & Co. Inc. $1,000,000
 • Pfizer Inc. $50,000

Conquer Cancer Foundation of the American Society of Clinical Oncology

• Mission Statement: CONQUERING CANCER WORLDWIDE BY FUNDING BREAKTHROUGH RESEARCH AND SHARING CUTTING-EDGE KNOWLEDGE. CCF'S VISION IS A WORLD FREE FROM THE FEAR OF CANCER.

• Tracked Donations:
 • Pfizer Inc. $2,060,000
 • Eli Lilly and Co. $978,000
 • Amgen Inc. $851,150
 • Merck & Co. Inc. $473,750
 • Bristol-Myers Squibb Co. $306,320
 • Johnson & Johnson $226,505

American Diabetes Association Inc. (National Office)

• Mission Statement: The mission of the American Diabetes Association is to prevent and cure diabetes and to improve the lives of all people affected by diabetes.

• Tracked Donations:
 • Eli Lilly and Co. $2,924,403
 • Johnson & Johnson $386,595
 • Merck & Co. Inc. $317,000
 • Abbott Laboratories $109,119
 • Pfizer Inc. $84,932
 • Baxter International Inc. $16,251
 • Amgen Inc. $10,000
 • Perrigo Co. PLC $7,350
 • Biogen Inc. $1,243
 • Bristol-Myers Squibb Co. $100

Arthritis Foundation Inc. - Headquarters

• Mission Statement: THE MISSION OF THE ARTHRITIS FOUNDATION IS TO IMPROVE LIVES THROUGH LEADERSHIP IN PREVENTION, CONTROL AND CURE OF ARTHRITIS AND RELATED DISEASES.

• Tracked Donations:
 • AbbVie Inc. $1,567,000
 • Bristol-Myers Squibb Co. $855,650
 • Pfizer Inc. $560,860
 • Johnson & Johnson $230,445
 • Eli Lilly and Co. $31,340
 • Abbott Laboratories $13,844
 • Amgen Inc. $12,000
 • Biogen Inc. $50
 • Baxter International Inc. $25

American Heart Association Inc.

• Mission Statement: BUILDING HEALTHIER LIVES, FREE OF CARDIOVASCULAR DISEASES AND STROKE.

• Tracked Donations:
 • Bristol-Myers Squibb Co. $1,964,300
 • Abbott Laboratories $432,525
 • Johnson & Johnson $355,770
 • Merck & Co. Inc. $170,000
 • Pfizer Inc. $157,235
 • Eli Lilly and Co. $87,659
 • Amgen Inc. $55,000
 • Allergan PLC $20,000
 • Perrigo Co. PLC $7,550
 • Baxter International Inc. $6,674
 • Biogen Inc. $2,341

Melanoma Research Alliance Foundation

• Mission Statement: TO ACCELERATE SCIENTIFIC DISCOVERY TO ELIMINATE SUFFERING AND DEATH DUE TO MELANOMA

• Tracked Donations:
 • Bristol-Myers Squibb Co. $1,150,000
 • Merck & Co. Inc. $200,000

Crohn's & Colitis Foundation Inc.

• Mission Statement: To cure Crohn's disease and ulcerative colitis, and to improve the quality of life of children and adults affected by these diseases.

• Tracked Donations:
 • AbbVie Inc. $2,735,395
 • Johnson & Johnson $342,662
 • Pfizer Inc. $23,271
 • Abbott Laboratories $9,225
 • Allergan PLC $5,000
 • Bristol-Myers Squibb Co. $4,999
 • Baxter International Inc. $2,219
 • Biogen Inc. $1,500
 • Merck & Co. Inc. $1,000

AIDS United

• Mission Statement: AU's mission is to end the AIDS epidemic within the US. We seek to achieve our mission through strategic grantmaking initiatives that cover a broad range of areas including access to care, advocacy, and syringe access. Public Policy efforts are guided by local AIDS service organizations.

• Tracked Donations:
 • Bristol-Myers Squibb Co. $1,200,000
 • Johnson & Johnson $881,500
 • Gilead Sciences Inc. $250,000
 • Abbott Laboratories $8,000

The Assistance Fund Inc

• Mission Statement: THE ASSISTANCE FUND (TAF) PROVIDES SUPPORT AND FINANCIAL ASSISTANCE FOR INDIVIDUALS DIAGNOSED WITH SPECIFIC CHRONIC OR CRITICAL ILLNESSES WHO LACK THE FINANCIAL MEANS TO COVER THE COST-SHARING PORTIONS OF THEIR PRESCRIBED TREATMENTS AND LIFE-SAVING CARE. TAF'S EFFORTS ARE GUIDED BY THE HOPE THAT ONE DAY NO PERSON WILL GO WITHOUT MEDICATION DUE TO AN INABILITY TO PAY.

• Tracked Donations:
 • Merck & Co. Inc. $2,150,000

American Cancer Society Inc. (National Home Office)

• Mission Statement: THROUGH OUR 11 GEOGRAPHIC DIVISIONS & NATIONWIDE CORPORATE CENTER, WE SERVED OVER 60 MILLION PEOPLE IN 5,000+ COMMUNITIES THROUGH RESEARCH, EDUCATION, ADVOCACY & SERVICE.

• Tracked Donations:
 • Abbott Laboratories $671,316
 • Merck & Co. Inc. $645,202
 • Bristol-Myers Squibb Co. $433,016
 • Johnson & Johnson $130,308
 • Eli Lilly and Co. $104,248
 • Pfizer Inc. $70,767
 • Baxter International Inc. $25,530
 • Perrigo Co. PLC $17,500
 • Biogen Inc. $5,740
 • Allergan PLC $5,000

Cystic Fibrosis Foundation

• Mission Statement: THE MISSION IS TO CURE CYSTIC FIBROSIS AND TO PROVIDE ALL PEOPLE WITH THE DISEASE THE OPPORTUNITY TO LEAD FULL, PRODUCTIVE LIVES.

• Tracked Donations:
 • AbbVie Inc. $1,573,250
 • Johnson & Johnson $139,008
 • Pfizer Inc. $82,322
 • Abbott Laboratories $4,585
 • Biogen Inc. $1,350
 • Baxter International Inc. $1,175
 • Perrigo Co. PLC $1,000

Leukemia & Lymphoma Society Inc.

• Mission Statement: OUR MISSION IS TO CURE LEUKEMIA, LYMPHOMA, HODGKIN'S DISEASE AND MYELOMA, AND IMPROVE THE QUALITY OF LIFE OF PATIENTS AND THEIR FAMILIES.

• Tracked Donations:
 • Bristol-Myers Squibb Co. $883,450
 • Pfizer Inc. $351,409
 • Johnson & Johnson $209,160
 • Amgen Inc. $130,000
 • Eli Lilly and Co. $78,895
 • Merck & Co. Inc. $25,000
 • Biogen Inc. $11,395
 • Baxter International Inc. $10,105
 • AbbVie Inc. $7,500

Cardiovascular Research Foundation

• Mission Statement: CARDIOVASCULAR RESEARCH FOUNDATION IS AN INDEPENDENT, ACADEMICALLY FOCUSED ORGANIZATION DEDICATED TO IMPROVING THE SURVIVAL AND QUALITY OF LIFE FOR PEOPLE WITH CARDIOVASCULAR DISEASE THROUGH RESEARCH AND EDUCATION. THE ORGANIZATION HAS PLAYED A MAJOR ROLE IN REALIZING DRAMATIC IMPROVEMENTS IN THE LIVES OF COUNTLESS NUMBERS OF PATIENTS BY ESTABLISHING THE SAFE USE OF NEW TECHNOLOGIES AND THERAPIES IN THE SUBSPECIALTY OF INTERVENTIONAL CARDIOLOGY AND ENDOVASCULAR MEDICINE.

• Tracked Donations:
 • Abbott Laboratories $937,815
 • Merck & Co. Inc. $252,224
 • Eli Lilly and Co. $60,000
 • Bristol-Myers Squibb Co. $30,000
 • Johnson & Johnson $30,000
 • Amgen Inc. $15,000

Did You Know That Your Healthcare Information Is For Sale?

The false sense of security HIPAA really is...

We believe we have the right to dictate who our doctors discuss our health issues with under the laws of HIPAA. We fill out forms, indicate who our doctors can talk to, grant permission for the office to leave a voicemail message… but what happens to our medical records and information after we leave the doctor's office?

We know that a claim is submitted to our insurance company for payment, but what does the insurance company do with that information? What if I told you that information is sent to a company that will charge a fee to other insurance companies for your health information? What if I told you that because your health records are stored as codes and not the actual X-Ray or Lab Report, the information is not protected under HIPAA? You might be reading this in disbelief, but this is actually what happens to millions of Americans' health information each year.

Let me introduce you to the MIB Group. While most Americans may never have heard of this company, it is a corporation with more than 400 insurance companies that are called members.

MIB - formerly the Medical Information Bureau - is now known as the MIB Group. MIB says it helps insurers become better able to detect fraud in applications and keep premiums low for everyone.

Insurance companies pay a fee to become members of the MIB. Then, when you apply for health insurance, car insurance, life insurance, or long term care insurance, in the fine print you grant the insurer permission to search MIB records. The insurer then pays the MIB for the request for your record. According to the Federal Trade Commission, MIB's member companies account for 99 percent of the individual life insurance policies and 80 percent of all health and disability policies issued in the United States.

The MIB defends this practice, claiming it does not report actual details about a person’s medical condition or problem. The codes only act as indicators or red flags to alert companies of possible risks. It claims that what it holds is not a record but a code, which allows it to avoid HIPAA regulations, but isn't that really just semantics? They may not have a copy of my EKG, but they still know that I have had one. They don't keep a copy of the diagnostic reports but know the diagnosis.

The Federal Trade Commission considers MIB a consumer reporting agency, which means it must comply with the Fair Credit Reporting Act. Under the act, MIB member insurers must notify you if your report played any part in its decision to deny you a policy or charge a higher rate. If that happens, you have 30 days from that notice to get your MIB report - free of charge - to make sure all information in it is correct. You also may request a free report once a year.

Want to know what information insurers can pay to know about you?

You can contact MIB at 1-866-692-6901 Monday through Friday, or online at https://www.mib.com/.

Why you should take control of your Personal and Medical Records

Conclusion

Controlling your own medical data is crucial in today’s business and government environment for several reasons:

Privacy and Confidentiality Concerns: Medical records contain sensitive personal information. With the rise of digital health records and databases, the potential for unauthorized access and breaches has increased. Entities like IMS Health trade in medical data, which, while anonymized, still raises concerns about personal privacy.

HIPAA Limitations: The Health Insurance Portability and Accountability Act (HIPAA) provides a framework for the protection of personal health information but has limitations. For example, it does not cover information disclosed through other means like social media or mobile health apps. Moreover, there are circumstances under which personal health information can be disclosed without consent for purposes like public health reporting or law enforcement, highlighting the need for individuals to have greater control over their data.

Commercialization of Medical Data: Companies profit from trading medical data, often without the explicit consent of the individuals concerned. This commercialization emphasizes the need for individuals to have a say in who accesses their medical records and for what purposes.

Data Accuracy and Access: Patients have the right to access their health records, correct inaccuracies, and manage who has access to their information. This level of control is essential for ensuring that medical decisions are based on accurate and complete information.

Autonomy and Empowerment: Having control over one's medical data empowers individuals to make informed decisions about their healthcare and to protect themselves against potential discrimination or prejudice that could arise from unauthorized access to their health information.

Regulatory Compliance: Entities that manage health information must comply with various regulations, such as HIPAA in the United States. Individuals controlling their medical data can help ensure that these entities adhere to the required standards of privacy and data protection.

Cyber Security Risks: The risk of cyberattacks and data breaches necessitates stringent security measures to protect medical information. Individuals controlling their medical data can play a role in safeguarding their information by being selective about who they share it with and understanding the security practices of those entities.

Transparency and Trust: Allowing individuals to control their medical data fosters transparency in the healthcare system and builds trust between patients and healthcare providers. This is crucial for the effective delivery of healthcare services and for maintaining the confidentiality of patient-provider interactions.

In conclusion, controlling one's medical data is not only a matter of privacy but also a critical aspect of ensuring the integrity, confidentiality, and security of sensitive health information in the digital age. It empowers individuals, supports regulatory compliance, and enhances the overall trust and efficiency of the healthcare system.
