In our previous blog about Electronic Medical Record Concerns, we noted that using electronic medical records results in better care and saved lives primarily because the medical information is so easily accessible.  However, this also makes these records accessible to more people and increases the likelihood of misuse.  Consequently,  people are concerned with loss of privacy, and the potential inaccuracy and misuse of their medical records.   Who all have medical information about us?  What is being done to safeguard that information; and
what can we do to protect ourselves?

Where are our health records?  Well, we know that bits and pieces of our medical history are scattered amongst all of our health providers.  In addition, we know our health insurers document the medical services they’ve been billed for.  But who else has medical information about you?  Until recently,  people didn’t realize that if you purchase your own health or life or disability insurance, the medical information entered on the application is posted to a central database,  the Medical Information Bureau (MIB) shared by insurance companies.  If a physical examination or medical tests are required, any significant results from these are also added to your MIB data.  If you smoke or engage in high risk activities, this will also be documented by MIB.

IntelliScript and MedPoint are two other data bases used by insurance companies when consumers are seeking health, life, or disability insurance.  In this case, it is prescription drug purchases you’ve made that are recorded.  In most cases, this information comes from pharmacy benefit managers.  Why is this necessary?  About 10% of  insurance applicants don’t disclose all their relevant medical history; and insurance companies require this to gauge the risk they are taking by issuing the insurance.   However, accuracy is essential for you as
well.  Inaccurate data on IntelliScript and Med Point, as well as MIB, could result in higher than necessary insurance costs or a refusal to cover altogether.

The good news is that the companies responsible for these health-related databases are subject to the federal Fair Credit Reporting Act (FCRA).  In the case of MIB, you are entitled to obtain a free copy once a year of your records to ensure their accuracy.  They can be obtained by calling 866-692-6901, emailing them at [email protected], or consulting their website, www.mib.com.

People who’ve applied for health, life or disability insurance can view their prescription records once a year as well.  For MedPoint, call 888-206-0335 or write to: MedPoint Compliance, Ingenix, Inc, 2525 Lake Park Blvd., West Valley City, Utah, 84120.  IntelliScript reports are available by calling 877-211-4816.

The electronically stored medical records kept by your health providers are also protected by federal law, the Health Insurance Portability and Accountability Act (HIPAA).  The severe penalties that are called for under this law if  medical records have been misused have encouraged medical providers to be more vigilant about your records.  In addition, HIPAA also requires health providers to give patients their medical records on request.   But HIPAA only applies to medical records maintained by healthcare providers and only if the facility maintains and transmits records in an electronic format.  However, medical privacy laws in California, as well as in many other states, require all medical providers, regardless of how they maintain their patients’ records, to make them available upon request.

Unfortunately,  not all information about our health is protected.  For example, many of us participate in informal, often free health screenings for cholesterol, blood pressure, weight and fitness offered at malls, pharmacies, and health fairs.  The results of these tests as well as any other information you’ve been given can be passed on to direct marketers and businesses.  Many Internet sites offer health related coupons or services in exchange for personal and family health information.  Even our checking account transactions can be made available to bank affiliates who scour these for information about you unless you make the effort to contact them and ‘opt out’ of these data transfers.  Nothing but our own awareness and commonsense can protect us from the misuse of these records.

It’s clear that although laws protect some of our medical information, we need to be responsible for its accuracy and mindful of who we share it with.  In fact, it’s been recommended that we go a step further and maintain our own comprehensive medical history to ensure its completeness and accuracy.  Look for more about this in  Part 4:  Keeping Your Personal Health Record.