Are Your Medical Records Safe at Your Doctor’s Office? Maybe Not.

A recent study found that most leaks of patient information were due to the negligence of employees of healthcare providers, not by attacks from external hackers. Because of this, you should be extra careful about what information you give to your doctors’ offices, hospitals and local drug stores.

The study, published in the Journal of the American Medical Association (JAMA), reviewed over 1000 large medical record breaches that had occurred from 2009 to 2017. These healthcare record breaches affected more than 164 million patients. Only 12% of these breaches came from attacks by external hackers and 53% of the data breaches were from internal negligence.

While patient safety has advanced since the founding of our country, the security of sensitive medical records is an issue that is increasingly fraught with danger as private information is accidentally sent to the wrong recipients, mishandled or hacked.

This study included a number of ways that data breaches occur. These internal data breaches included files of medical patients being mailed or emailed to the wrong people. Also, medical records being accessed from computers or smartphones that were not secure. Other medical records were mishandled, stolen by employees or the victims of physical theft.

Why is this important to you? Patient data theft or security breaches are dangerous because someone who has the ability to see your private, sensitive medical information could: leave you with expensive bills, get medical care through your account, or get you into trouble in other ways.

Because of the sensitive nature of your medical information, you should perhaps resist giving your entire Social Security number to your doctor’s office staff. Or, if you must, provide only the last four digits as you do in many other transactions. If a receptionist at the doctor’s office insists, ask them why the number is needed.

Herndon injury lawyer Doug Landau of the Abrams Landau law firm always encourages his clients to ask questions of their doctors and other healthcare providers. Ask about the doctor’s office history of leaks or hacks and what security they used to protect your sensitive information. There really is no legitimate medical reason that a doctor’s office would demand your entire Social Security number. Usually, this request is only to make it easier to get the debt collectors after you if you or your insurance do not pay the bills fast enough. You may find that many medical offices will back down if you refuse to give your entire Social Security number. Of course, you may have to provide your date of birth, your driver’s license or other official government photo ID and insurance information, but that information is often required before the dispensing of strong medications or to verify your age for eligibility for state, local and/or federal medical benefits.