Threats to Medical Record Privacy
- Administrative Actions. This includes errors that
release, misclassify or lose information. This includes
compromised accuracy, misuse by legitimate users, and uncontrolled
- Computerization. While in some situations
computerization increases privacy protection (for example, by
adding passwords to sensitive areas), it may also decrease privacy
protection for the following reasons.
- Computerization enables storage of large amounts of data in
small spaces. Thus when an intruder gains access, it is access
not just to certain discrete amount of data, but to larger
collections, and perhaps keys to even further information.
- Networked information is accessible from anywhere at any
time, allowing a larger number of people access. This increases
the possibility of mistakes or other problems such as misuse or
leaks of data.
- New databases and different types of data sets are more
easily created. This both drives demand for new information and
makes possible its creation.
- Information is easily gathered, exchanged and transmitted.
Thus potential dissemination theoretically limitless.
- Access by unrelated parties.
- Insurance companies. They may either check records
before approving treatment or who may check records before
- Drug companies. These companies may have deals
with doctors and hospitals, and who may use the list for
marketing. (Consumer Reports)
- For example, PCN (Physician's Computer Network) has
access to the patient records of 41,000 doctors, which is
about 10% of office-based doctors in the United States. By
participating in the PCN, a doctor requires a doctor to view
promotions from drug manufactures. In addition, PCN reserves
the right to copy information from the computer to other
companies. Of course, this can only be aggregate data, but
may include ages, diagnoses, treatments, and prescriptions.
Most policies that consumers fill out have an
authorizations to RSA information to the insurance company.
Most insurance policies sold in the U.S. and Canada also
give notice that a report may be filed with the Medical
Information Bureau (MIB), which is financed and run by the
insurance industry to detect fraudulent applications. Of
course, not everyone is included in the MIB
- Court subpoenas. Often a patient will be unaware when
her or his records have been subpoenaed. Even worse, unnecessary
information is often included when the records are not adequately
Return to EPIC Medical
Return to EPIC Privacy