How To Protect Yourself From A Hospital Data Breach

You may never have considered whether your preferred hospital is one of the approximately 311 major teaching hospitals in the U.S., but according to a new study, the type of hospital you choose might affect your privacy.

Teaching hospitals are often affiliated with medical schools, which use the facilities to help train future doctors. And the new report, published Monday in JAMA Internal Medicine, found that these hospitals—which tend to be larger and have more people handling patient records—may be more likely to experience data breaches.

Hospital data breaches are a fairly regular occurrence these days and can result in your Social Security number, health insurance ID, and other personal information being exposed and misused. For instance, your info may be used to perpetrate medical identity fraud—in which someone else obtains medical care in your name and leaves you with the bills and falsified medical records.

But data breaches affect more than just hospitals—health insurers, doctors’ offices, and other types of medical facilities have all been targeted. Personal patient information was compromised more than once per day, on average, across the healthcare industry last year, according to healthcare data security firm Protenus.

Although it’s wise to pay attention to studies like this, there’s no need to panic. No matter what kind of hospital you go to, you can take steps to safeguard your data and your privacy.

What the Study Found and What It Means

In this study, researchers from Johns Hopkins, Michigan State, and Ball State universities—which all have teaching hospitals connected to them—evaluated the reports hospitals must make to the Department of Health and Human Services and the media whenever the personal information of 500 or more people is breached. (People whose information is divulged must also be notified.)

The researchers focused on 141 U.S. hospitals that made such reports between late 2009 and the end of 2016. The hospitals that reported data breaches to HHS (which included one of Johns Hopkins’ own hospitals) were more likely to be major teaching hospitals than smaller teaching hospitals or nonteaching hospitals.

Ge Bai, Ph.D., assistant professor of accounting at Johns Hopkins Carey Business School and the study’s lead author, explained in an interview that major teaching hospitals may be more vulnerable to breaches because more people there (who are also conducting medical research and educating new healthcare professionals) can view private patient data. The more people who can access data, the less secure it is, she noted.

This doesn’t mean you should avoid major teaching hospitals, which often offer cutting-edge treatment and give patients generous amounts of attention.

But you should take these simple steps to help secure your personal information and reduce the risk of fraud if your information does get exposed.

How to Protect Your Personal Information

• Limit the personal information you provide
Think twice before allowing your driver’s license or state ID to be photocopied at the hospital. If a registration form asks for your Social Security number, Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center, recommends asking: “Do you really need this?” She says requests for SSNs are relics from the days when the number was necessary to bill you for services. Consider refusing and explain that you are concerned about security.

Social Security numbers still appear on Medicare cards, though this will change in the near future. The Centers for Medicaid and Medicare plan to send new, SSN-free cards to all Medicare recipients by April 2019.

• Ask healthcare providers and staff how they protect patient information
And keep an eye out for potential security lapses, such as a medical file left unattended or a computer screen with private information on it left unlocked.

• Be cautious about revealing any health or medical information on social media
If your data is breached at a healthcare facility, Velasquez says, any online mention of your hospital, doctor, or health insurer makes it easier for criminals to fraudulently use your medical identity.

• Read all correspondence from your healthcare providers, including your health insurer
Pay attention to explanation of benefits letters and medical bills to ensure that listed procedure dates and providers match services you received.

• Act fast if you spot something concerning, such as medical appointments with unfamiliar doctors
First, call the facility to see whether it’s a mistake. If not, file a police report and a report with the Federal Trade Commission.

• Ask what steps will be taken in the event of a breach
You’ll probably receive support services such as credit monitoring.