How safe is your health data?
How confident are you that your health data is secure? Protecting such personal information is crucial in light of several high-profile data breaches, such as the one in which as many as 145 million U.S. residents had their information hacked from Equifax Inc., which provides consumer credit scores. “Health care records are the keys to our identity castles,” says Rod Piechowski, senior director of health information systems at the Healthcare Information and Management Systems Society, a nonprofit based in Chicago dedicated to improving health through information and technology. Sensitive information like your Social Security number, prescriptions and records of treatment for chronic conditions like cancer or diabetes can be misused by hackers.
There’s an array of strategies to counteract health information vulnerabilities.
Keeping track of all your health care information and trying to make it secure may seem daunting. After all, it’s hard enough to keep track of things like prescriptions. But there are steps you can and should take to protect your health care data, Piechowski says. “While there are vulnerabilities due to rapidly changing medical information technology, we too are responsible for our side of the equation,” he says. “There’s a lot we as patients can do to defend our health data from hackers and reduce the risk of facing costly and emotionally exhausting identity theft or insurance fraud.” Here are 11 strategies for shielding your health data:
Get to know your health care devices and apps.
It’s tempting to jump in and use your new health app, but you shouldn’t blindly accept any terms of service/privacy agreement without reading them carefully, Piechowski says. Read them closely to understand how your data will be collected and with whom it can be shared. Consider that the vendor you initially grant access to your data could have an agreement to share your information with unnamed third parties, or that if the vendor is acquired the new parent company may have different data privacy guidelines. “Make an informed decision to accept, or deny, the terms and share your data,” he says. “Once that information is shared, it’s out there forever.”
Use strong passwords and change them frequently.
Strong passwords and usernames are important tools to protect your health care data, says Avani Desai, principal and executive vice president of Schellman & Company, an independent security and privacy compliance assessor in Orlando, Florida. “We welcome the ease and efficiency of being able to download results and see our medical records online,” she says. “However, it puts the onus on us to make sure we have strong authentication means in place. This entails strong usernames and passwords that are changed on a frequent basis and also a password that is not used often for other accounts that may not house personal health information.”
Try to avoid using public Wi-Fi networks.
Be wary of where and when you sign in to view your account, Desai advises. Using public computers and public Wi-Fi could put the security of your username in jeopardy and may put you at risk of having your health data intercepted. “It’s always best to use your home computer or a secure mobile hot spot,” she says. If you need to use public resources, like a public library, to send personal health information to physicians or relatives, ensure no passwords are saved, log out of every account you use, delete the web browser history, clear cookies and information caches and delete your documents before signing off, Piechowski says.
Be your own data watchdog.
Carefully monitor your credit reports and health care bills on a regular basis. Dramatic changes in your credit score, an unexpected credit card charge (regardless of the amount) and false medical claims submitted to your insurance are red flags that your identity has been compromised, Piechowski says. If any of these things happen, immediately alert your health care and insurance providers, Piechowski says. “Physicians and insurance providers want to avoid fraudulent charges as much as you do,” he says. “Contact them as soon as you see any bill you weren’t expecting to ensure your medical benefits and personal information are not being abused by a hacker.”
Don’t overshare medical information on social media.
Sharing news about your medical treatment, whether it’s for cancer, high blood pressure or depression on social media like Facebook, Twitter or Instagram may be cathartic, but be aware that such information could be useful to hackers, Piechowski says. Hackers could use such information to compile convincing details which they could use to steal your identity to receive medical services at your expense. If you share medical information online, use strict privacy settings to limit who can see these posts, he says. “Be very thoughtful — and careful — about what details you publicly share about your life,” Piechowski says.
Don’t hesitate to ask questions.
Some patients who wouldn’t think twice about asking their health care provider about their treatment for chronic conditions like arthritis, diabetes or heart disease are uncomfortable asking what their personal health care information is used for, and who besides your provider may have access to it. They shouldn’t be, Desai says. Some health care providers share their patients’ data with researchers, for example. Don’t be shy about asking such questions, she advises. “Your health care professional should expect these questions,” she says. “You want to know that your health care professional is using your information for the appropriate reasons and not providing it to third parties, unless it is out of necessity.”
Guard your insurance ID card information closely.
Be wary of sharing the medical policy numbers on your health insurance card at health fairs or over the phone with anyone who doesn’t have a legitimate reason to ask for them, Piechowski says. If someone offers free medical exams or nutritional supplements and asks for your insurance policy number, politely decline; many such offers “come paired with identity theft,” he says. Hackers can use information on your insurance ID card to impersonate you to get health services, running up costly medical bills in your name. Don’t even share your insurance card with relatives, friends or co-workers, says Lee Arian, a partner with a Los Angeles health care law firm.
Know your physician’s medical information retention policy.
Physicians aren’t obligated to maintain your medical information forever. Don’t expect your doctor to keep copies of your weight or blood pressure readings indefinitely. Each state has different rules regarding retention of such data. The storage and security of this information is particularly important if you change physicians, whether it’s because you move, your insurance changes or your doctor retires or sells his or her practice, says Christopher Mann, an attorney in Bloomfield Hills, Michigan. Obtain your physician’s medical retention policy, he advises. If you change doctors, make sure your former doctor transfers all your records to your new physician.
Be careful about providing sensitive data on your doctor’s website.
Unless you know the website is secure, assume that whatever you’re providing online could one day be hacked, similar to the breaches inflicted on such major companies as Target. Don’t share your credit card number or health insurance ID card information on the site unless you know it’s secure. Make sure your credit card information is provided in a secure portal. “Before putting any health care or financial information on a website, I always check for a secure connection,” Desai says. For example, if the site uses “https” rather than “http,” Desai has confidence the provider is encrypting communications between her browser and the website.
Know your health care provider’s communications protocol.
Ask your physician to explain the correspondence you can expect to receive and what information your health care provider might request, either over the phone or by email, Piechowski says. Understanding how your health care provider communicates with patients will help you identify phishing scams, such as a malicious email disguised as an appointment reminder that asks for your credit card information. Try to share sensitive information like your Social Security number exclusively in person or through a secure patient portal. “If you typically get emails from your doctor but start getting text messages (purportedly) from your physician requesting sensitive information, then you should be very suspicious,” Piechowski says.
Don’t use outdated electronic devices.
Make sure your older electronic devices — such as laptops, tablets, cellphones, home computers and even routers — are updated with the latest software, advises Victor Danevich, vice president, worldwide field engineering for Infoblox, a network control company based in Santa Clara, California. Some older electronic devices that haven’t had their software updated are riddled with security weaknesses that hackers can easily exploit, Danevich says. If the particular device you’re using is no longer maintained by the manufacturer or if updates are no longer available on the software it runs, it’s time to replace it, or get new applications, he says.
More from U.S. News
5 Ways to Reduce Your Risk of Developing Kidney Disease
10 Questions Doctors Wish Their Patients Would Ask
16 Health Screenings All Women Need
11 Strategies for Keeping Your Health Data Secure originally appeared on usnews.com
