We built HealthLock to help protect your medical privacy and keep your sensitive healthcare information secure. We use powerful AI technology to keep an eye on your medical bills, which can help catch identity theft and fraud in action—but there are also things you should do to protect your sensitive information. That’s why you’re reading the sixth entry in our Protecting Your Privacy series: Why you should keep tabs on your provider.
The country’s HIPAA laws require your healthcare providers to protect your healthcare data. The problem we see is with enforcement. It’s up to each individual provider—doctor’s office, pharmacy, hospital, and so on—to take the necessary steps to guard your privacy.
Is your doctor complying with HIPAA standards? If they are, that’s an extra layer of protection between you and potential data thieves. But the best thing you can do is ask.
What should I ask my doctor?
You should ask your doctor the following questions:
How long do you keep records?
Most personal physicians keep records for around seven years, although this varies by office.
Who has access to this information?
Your doctor likely has at least a small staff, and office managers, nurses, and physicians’ assistants may be among those who can see your data at any given time. We want to trust our healthcare providers, but every extra person who has access to your information is someone else who can possibly commit medical fraud.
- Do you shred information? Some doctors’ offices have shifted to a completely digital format, but others still have printed forms that you or the doctor will fill out. What do they do with these forms after your appointment? Do they digitize them and shred them, or are they kept intact for easy reference?
- Who do you share information with? Unless you specifically ask your doctor not to share your information with anyone, they are generally free to discuss your case with other doctors and nurses in their facility.
- How do you protect my electronic health data? Much of our information today is digitized. HIPAA also requires your doctor’s office to take reasonable steps to guard your digital data. Here are some additional questions you can ask to make sure your digital healthcare footprint is protected:
- Do you maintain an audit trail? This allows your doctor to see who in their office has accessed your information, and when.
- Have you encrypted my information? Encryption is a way of encoding information. If your data has been properly encrypted, only those with access to a system key can read it.
- What kind of access control tools do you maintain? If someone tries to access your data, how can they get at it? Do they need to input a PIN, a password, or a thumbprint? The more security layers your doctor’s office maintains, the less likely it is that outsiders will be able to access your information.
What if my doctor isn’t protecting my data?
If your doctor has unsatisfactory answers to these questions—or no answers at all—you may wish to file a HIPAA complaint. You may also want to change doctors. Your medical data is extremely sensitive—if your doctor isn’t doing their part to protect it, you shouldn’t be expected to continue visiting them.
How can I protect my healthcare information in other ways?
Even if your doctor is doing everything in their power to look after your medical data, it may not be enough. Healthcare breaches are occurring more rapidly than ever—in 2020 alone, there were over 600 breaches that compromised at least 500 records each—and you need to protect your sensitive information however you can.
That’s where HealthLock comes in. Our HealthLock Privacy PACT places your doctors on notice—it lets them know we’re watching out for you, and that they need to make every effort to protect you to the full extent of the law.
We also put our powerful AI technology to work reviewing every medical bill and Explanation of Benefits you receive to catch signs of fraud or medical identity theft before they can spiral out of control. We can even help you recover from any damages.
Your privacy deserves as much protection as your financial information. Working together, we can keep your data secure.