Do You Want More Privacy? Here’s How to Protect Your Health Information Online
Most Americans will tell you they value privacy and want to protect themselves online from any unwanted searches into their private lives, especially their medical records. When it comes to such health information, they assume that HIPPA (Health Insurance Portability and Accountability Act/Privacy and Security Rules) will protect them.
Well, yes and no. HIPPA will protect your privacy and the security of your health information, including your address, social security number, diagnoses and conditions, etc., but only when transmitted or maintained by all those covered under HIPPA Rules such as health plans, most healthcare providers, and healthcare clearinghouses.
But there is information where HIPPA rules do not apply, such as your:
- online search history
- information you voluntarily share online on social media or elsewhere
- apps you’ve downloaded for your own personal use.
And HIPPA Rules also do not cover the following which may not be affiliated with health providers and others covered under HIPPA, such as:
- fitness clubs
- health apps
- research entities (not affiliated with health providers and others covered under the HIPPA Rules).
Something else to note: in general, the HIPPA Rules won’t protect you if your health information is stored on your mobile phones or tablets. There’s a reason for this: cellular service providers may store communications you send and receive, such as your texts, calls, and what you email.
“To be forewarned is to be forearmed,” cautions John Mastronardi, Executive Director, the Nathaniel Witherell. “There are disreputable people, identity thieves out there who would try to use your personal and health insurance information to get prescription drugs, medical treatment, or just about anything else that could benefit them,” he notes. “So, it is prudent to find out how best to protect your privacy.”
What can you do?
There are several steps you can take to protect yourself. Let’s begin with the basics:
- Use a strong password and update it often, but don’t stop there. Use a password manager such as LastPass and 1Password. You also should use two-step authentication. Want to know if there have been attempts to access your online data? Search for your email address at Have I Been Pwned?
- Since most websites – and that includes social media, and ads – track your online activity, they are busy scanning for personal information. If the app is free, you can bet it is collecting and selling your data. If you are on Windows, use Microsoft’s Windows Defender which has anti-virus and security protections; also use Malwarebytes Premium which works well with Defender and is available for Mac.
- If you have a medical condition and you are not corresponding with a health provider or entity covered by HIPPA or “business associates,” people and companies that provide services for covered entities (PHI) – don’t post anything you don’t want to be made public.
- Use an ad blocker to avoid websites using “cookies” that will target you and leverage your search history and information in order to sell you something. If you’ve ever searched online for information pertaining to a medical condition, the ad blocker will work to block unwanted ads and block your online searches. You also can switch to search engines that do not retain your information, such as Startpage.com and DuckDuckGo.com. In addition, the Federal Trade Commission lists lots of information about protecting your privacy, as does the Federal Communications Commission.
- Sometimes, official-looking sites may contact you requesting information, such as your Medicare ID, prescriptions, medical testing, Social Security number, etc. Don’t be tempted to share any of that.
- At home, keep your medical records secure. That includes billing statements, prescription bottles, and health insurance policies. If you get medical bills for procedures you did not receive or a notice that you’ve reached your maximum insurance limits, and you know none of this is true, your information may have been breached. After you’ve contacted your physician’s office and/or pharmacy or health provider and determined that there’s been an error, send a letter to that effect via registered mail, keeping the receipt. Chances are, someone will be in touch quickly.
- If you don’t want your cellular device to track your location, you can turn off that feature. Just go to “Settings” then “Privacy” then “Location Services” and make the changes.
- When you are ready to dispose of your old mobile phone or tablet, and you’ve transferred your data to the new one, be sure you delete all stored data in the old phone. Also, remove and destroy the SIM card if you do not plan to re-use it in another device; and recycle the cell phone at an electronic recycling center.
Nothing is foolproof, of course, but if you follow these steps, you’ll be well on your way to protecting your health information and privacy.