Photo of healthcare professional using a tablet with other providers caring for patient in the background

Patients: Help Keep Your Personal Information Secure

8 Dec 2015 by Sally Clasen

Anyone who has ever visited a doctor’s office or healthcare facility has a documented medical history — and chances are high that a complete stranger might have access to that information, too. Hospitals, health insurance companies, and universities have all become a frequent target of cyberthieves who steal massive databases of personal information and the threat of data breaches grows.

In July, UCLA Health was the latest victim of hackers when the medical information, social security numbers, Medicare numbers, health plan IDs, birthdays and physical addresses of 1.5 million visitors and staff of the organization, which includes four hospitals and 150 offices across Southern California, was potentially compromised.

While healthcare agencies are mandated by state and federal regulations to ensure personal medical information stays private, no system is foolproof. Patients can actually be a strategic ally with IT professionals to stop cyberthieves in their tracks by taking self-responsibility for protection and not giving the criminals what they want:

Social security numbers — Even though many doctor’s offices request patients provide their Social Security Number (SSN) or a family member’s, it’s not required by law. SSNs have become universal identifiers, but they were originally created by the IRS to keep track of workers’ earning histories. Even though the forms you fill out at the doctor’s office have a space for your SSN, leave it blank. It’s not necessary for your doctor to have, unless he wants to collect a debt.

Email addresses — The electronic age of convenience makes it easy to turn over an email address (with permission) to healthcare professionals so they can share medical information such as instructions for care and even test results. While the Health Insurance Portability and Accountability Act (HIPPAA) standards call for reasonable safeguards and policies, email addresses are an easy target for identity theft because the information is often sent over unsecured platforms trolled by cyberthieves. If you prefer this method of communication from your doctor or another health expert, be cautious about what the conversation contains.

Credit card numbers — It’s common practice for physician and health offices to ask patients for a credit card to keep on file for future payment of services. But cybersecurity experts recommend patients refuse to provide credit details and instead “pay as you go” to prevent being an identity theft victim.

While emerging technologies can positively impact your healthcare, it’s important to know background information that will help you make well-informed decisions.