Celebrity Medical Records Hacked: Are You at Risk?

http://www.foxnews.com/story/0,2933,348988,00.html

Celebrity Medical Records Hacked: Are You at Risk?

Wednesday, April 09, 2008
By Jessica Ryen Doyle

It's not surprising that hospital employees would be interested in the
medical records of celebrities like Maria Shriver, Farrah Fawcett,
Britney Spears and George Clooney.

But famous names may not be the only ones whose medical files are
being snooped through, according to two medical experts.

Essentially, all medical records -- including the average Joe's -- are
up for sale to large corporations, research facilities and drug
companies, said Dr. Deborah Peel, founder and chairwoman of Patient
Privacy Rights, a non-profit advocacy group in Austin, Texas.

By signing a Health Insurance Portability and Accountability Act
consent form, she said, you not only are giving your doctor and
insurance company access to your medical records, but you may be
giving them permission to sell your information, as well.

"The privacy rule requires health care providers to give patients a
notice of privacy practices to provide them with important information
on how their health information may be used and disclosed, as well as
what their rights are with respect to their information and how the
individual can exercise these rights," says Linda Sanches, senior
adviser for HIPAA Privacy Outreach, Office for Civil Rights, U.S.
Department of Health and Human Services.

In other words, be sure to read very carefully before you sign on the
dotted line.

"HIPAA is both good and bad," said Devon Herrick, a senior fellow and
health economist at the National Center for Policy Analysis, a non-
profit advocacy group in Dallas, Texas, that researches public policy.

"You want to know your information is protected, but if I'm your
doctor and I see another doctor who may know more about your
condition, and I want to consult with him on your condition, I can't
do that without your consent."

Herrick also said many drug companies and researchers buy aggregated
information so they can figure out which drugs work and which ones do
not.

"The other aspect is commercial," he said. "Let's say AstraZeneca
wants to know about heartburn or GERD. They want to know what you are
taking, so they can sell you their drug."

Sanches said for a health care provider (including doctors), health
care clearinghouse (including public and private third-party billers)
or health insurance plan to obtain that kind of information, there
must be a signed authorization.

Advocacy groups promoting privacy rights are stepping out in light of
recent, highly publicized breaches of confidentiality. On Monday, the
media reported that TV newswoman Shriver, who is California's first
lady, was among more than 30 high-profile patients who had their
confidential records breached at UCLA Medical Center.

Lawanda J. Jackson, the woman responsible in the Shriver case, is the
same employee who sneaked into actress Farrah Fawcett's medical
records, officials told the Los Angeles Times on Sunday.

She resigned in May 2007, reportedly before officials could fire her,
after UCLA learned of the widespread breaches, but patients were not
notified, the hospital said.

In all, the employee improperly looked at 61 patients' medical records
in 2006 and 2007, according to state and local medical officials.
These included those of Fawcett, Shriver and 31 other politicians,
celebrities and well-known people, according to the Los Angeles Times.
Names of the other patients were not disclosed.

The head of the UCLA Hospital System, Dr. David Feinberg, apologized
for the breaches and said the woman behind them had been a "rogue"
employee.

After being informed last week that his wife's medical records had
been accessed, Gov. Arnold Schwarzenegger issued a statement saying
that "a breach of any patient's medical records is outrageous."

The secretary of the California Health and Human Services Agency, Kim
Belshe, said Sunday that her agency is "very concerned about what
appears to be a pattern of repeated violations."

The state will be taking action against UCLA, she said.

This is the same facility that fired several employees for looking at
Spears' records when she was hospitalized in January.

In a similar violation, the medical records of Clooney and his
girlfriend, Sarah Larson, were exposed to the press in September when
the two were in a motorcycle accident in New Jersey. Palisades Medical
Center suspended 27 employees in October, about a month after
Clooney's accident, for accessing the actor's records, Peel said.

"Nothing is less secure than a big storage room full of paper,"
Herrick said. "And when I'm in the hospital anyone can see me, or the
drugs I'm taking are lying on the cart for anyone to see. These are
all things that are privacy issues."

And the issue doesn't get resolved as paper records give way to
electronic records, Herrick said, offering the following scenario:

If a patient sees Dr. Brown today and Dr. Black tomorrow, Dr. Black
can access the notes Dr. Brown made with the patient's consent.

In this respect, HIPAA is good.

But this also means protocols and restrictions have to be created so
that vendors who should not be snooping can't access those records, he
said.

So, what can patients do to protect their medical privacy?

Peel said patients can download a patient privacy toolkit from her
organization's Web site, which includes a list of questions to ask a
medical provider, a list of privacy rights and instructions for
privacy rights that patients can sign and bring to their medical
provider.

Another advocacy group, Health Privacy Project, offers these tips:

-- Read notice-of-privacy practices carefully

-- Talk about confidentiality concerns with your doctor

-- Ask how your medical information is shared in a large health care
organization

-- Read authorization forms before you sign; edit them to limit the
sharing of information

-- Request a copy of your medical records and review them

-- Be cautious on Web sites that ask you to take surveys

-- If you feel you have been violated, register a complaint with your
local Office of Civil Rights

Contributing: The Associated Press
.

Relevant Pages

  • Re: Google To Store Patient Medical Records
    ... Google Inc. will begin storing the medical records of a few ... electronic transfer of their personal health records so they can be ... 120,000 patients on its own online service called MyChart. ... medical records after they change doctors or health insurance plans. ...
    (misc.health.alternative)
  • Privacy Issue Complicates Push to Link Medical Data
    ... Privacy Issue Complicates Push to Link Medical Data ... Lawmakers, caught in a crossfire of lobbying by the health care industry and consumer groups, have been unable to agree on privacy safeguards that would allow patients to control the use of their medical records. ... the only jobs created have been for a small army of lobbyists trying to secure money for health information technology. ... They say doctors, hospitals, drugstores and insurance companies would be much more efficient if they could exchange data instantaneously through electronic health information networks. ...
    (soc.senior.issues)
  • Canadian outsourcing - did not know this
    ... I guess our reasons for not wanting our medical records ... British Columbian citizens above any cost-saving objectives that the current BC ... confidentiality of medical records and privacy of British Columbians' personal ... Submission on the USA Patriot Act ...
    (sci.med.transcription)
  • Liberal hypocrisy example #756
    ... library is a gross and outrageous invasion of privacy but letting the feds ... run your health care and compile your medical records is a good idea. ... the ACLU whores think that's an invasion of privacy. ...
    (misc.transport.trucking)
  • Re: Workers Disciplined for Viewing Shasta Groenes Medical Records
    ... >>> for violating Shasta Groene's privacy, ... >>> them access to medical records that are now electronic, Tom Legel, KMC's ... >>> began moving its paper patient files to computers 15 months ago and ... >>> violations, so the workers were not fired. ...
    (alt.true-crime)
Loading