Do You Know Who Profits From Your Medical Records?
Your medical records are a hot commodity. Healthcare provider entities and healthcare information exchanges routinely sell them to eager buyers. They first remove your name and identifying information as required by HIPAA laws and then aggregate the records to sell to pharmaceutical companies, insurers, health systems, government organizations and others who gladly pay for them.
This growing and profitable market for health care data, or Protected Health Information (PHI), is attracting sophisticated cybercriminals who use malware and elaborate phishing schemes to illegally obtain PHI and sell it to bad actors. Cybercriminals prefer PHI because it is easy to sell and harder to cancel or secure once stolen.
In 2020, according to the United States Health and Human Services, over 39 million medical records were compromised. These records are used to commit medical identity theft and financial fraud, to leverage ransom payments from health care entities, and to support other hacking campaigns. These health records are best sellers on the dark web not only because of the health care data but also because of other sensitive data that exists in your medical records. Examples include insurance policy numbers, social security numbers, medical diagnoses and credit card information. These records can command prices ranging from $250-$1000 per record on the dark web.
On the positive side, health care data is sold to legitimate research entities, insurance companies and nonprofit organizations who use it for making better business and patient care decisions. It supplies data to medical/dental researchers and it aids in advancing science. It is also used to analyze and control costs, and it works to improve efficiencies. These are all good and noble uses of health care data. This benefits all of us in the long run.
But what do we as individuals have to say about this?
Today everyone’s healthcare records are kept by providers. You visit your primary care physician, a specialist, a pharmacy, your dentist, a hospital, imaging centers. Those entities all have custody of your records and own your data. You do not! And in most cases your health care data is kept in different proprietary software systems from different providers that do not communicate with each other. While these providers must comply with laws to protect and secure your data, they own your data.
That is why they can sell it to someone else if they follow the accepted security and de-identification protocols.
What if instead there was a healthcare record solution where you owned the data? It is your data, right? Wouldn’t it make sense for it to live in a place you control? You would require your healthcare providers to report your information to your personal healthcare record account. You would be the one that controlled access. If you visited a specialist needing last week’s x-rays or images, you click a button, and they get them. If your doctor needs them right away (think an emergency), you click and get them to the doctor rather than waiting for someone else to send them.
I am not describing something complicated, difficult to use or expensive. I am talking about something as simple as a phone app where you can see your records and send them to someone else. You are in control.
Well, if you had that, wouldn’t it make sense that you could be the one selling your health care data, like some of your providers do? You would be the one getting paid for it, and you would be the one deciding which components of the data you want to sell and which parts you want to remain private.
That seems fair, right?
Something like your healthcare records is very personal. It should be yours. That makes you the VIP, not someone else, with you controlling your Health Recs.