Data privacy is essential in our modern digital world, but none is critical and more consequential than your medical data. Whether written, oral, or electronic, your medical records contain your protected health information (PHI) that includes your medical test results, prescription details, and overall health history. Thus, it’s vital to have access to your medical information, and more importantly, maintain data privacy to ensure it doesn’t end up in the wrong hands.
HIPAA: protect our privacy
Fortunately, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) gives you legal rights over your medical data and regulates who can share or access your medical data. If you’re a parent or the legal guardian of a minor, HIPAA gives you rights over the minor’s PHI. With the HIPAA Security Rule and the HIPAA Privacy Rule in place, you have confidence your healthcare providers and their business associates will handle your personal health information with utmost care and confidentiality.
In cases where your healthcare provider is allowed to share your medical data without your permission, HIPAA gives you the right to know all the entities that have seen your health data by requesting an accounting of disclosures report. HIPAA’s notice of privacy practices outlines all the rights you can exercise to safeguard your healthcare data privacy.
Proposed changes to advance health data privacy and access
With the Coronavirus health crisis, there's a need for faster access to your PHI. Currently, HIPAA-covered entities take 30-days to provide your health data upon request. On Dec. 10, 2020, the U.S. Department of Health and Human Services (HHS) proposed a raft of changes to the HIPAA Privacy Rule, one being to cut the 30-day response period to 15 days. These modifications aim to enhance your PHI access rights and secure your information from data breaches that have happened before.
Healthcare data breach incidents
You probably caught wind of Anthem Inc’s data breach incident in 2015, where criminal hackers stole the medical data of 78.8 million individuals from Anthem's computers. Consequently, the HHS Office for Civil Rights (OCR) fined Anthem a record $16 million in a HIPAA settlement. A more recent healthcare data breach happened at Lifetime Healthcare Companies on Jan. 15, 2021, and affected over 9.3 million individuals. OCR fined the health insurer $5.1 million.
The hefty settlements show you the extent to which HIPAA goes to protect your healthcare data. More so, the FTC Act deals with data breaches and privacy issues in non-HIPAA-covered entities. A good example is the recent June. 22, 2021, FTC settlement with Flo Health Inc., a fertility-tracking app that shared users' data with Google and Facebook.
How to protect our private data and information
Once you obtain your PHI or your children’s PHI from your healthcare providers, you’re responsible for its safety. The main privacy risk comes when sharing your medical data with other people or entities, such as online medical consultations and prescription-saving platforms. If possible, avoid sharing your PHI over the internet when shopping for your prescriptions or interacting with healthcare apps.
rxless: your privacy is our policy
Luckily, you can use data-secure platforms such as RxLess to search millions of prescription medication prices online and offline without giving up your personal information. At rxless, we prioritize your PHI privacy and comply with the Children’s Online Privacy Protection Act (COPPA). We guarantee never to share, sell, or otherwise disclose your private data to any third parties.
