Have you been asked for medical information during the pandemic? It's possible your employer requires frequent testing. Perhaps you were asked for specific information when you signed up to be vaccinated. In the future you could be asked to show proof of vaccination. How can you keep your private medical information safe and secure?
To learn more about your medical privacy rights, visit hhs.gov/hipaa
Selected Podcast
Safeguarding Your Medical Privacy
Featured Speaker:
Alexandra Hollenbach
Alexandra Hollenbach is director of Health Information Management at Henry Mayo Newhall Hospital. Among her responsibilities is helping to ensure our patient data stays secure. Transcription:
Safeguarding Your Medical Privacy
Melanie Cole (Host): Have you been asked for medical information during the pandemic? Does your employer require frequent testing or you were asked for specific information when you signed up to be vaccinated? How can you keep your private medical information safe and secure? Welcome to It's Your Health Radio with Henry Mayo Newhall Hospital. I'm Melanie Cole and joining me today is Alexandra Hollenbach. She's the Director of Health Information Management at Henry Mayo Newhall Hospital. Alex, I'm so glad to have you join us today. And this is a really great and very important topic. So, tell us what's going on as far as medical information, privacy and information sharing during this pandemic.
Alexandra Hollenbach (Guest): Well, more than ever, it's very important that people understand how their health information is being used and what the provider's responsibility is. We know on our side, that patients have very strong rights under HIPAA, which stands for the Health Insurance Portability and Accountability Act. And in a nutshell, it's a federal law that protects sensitive patient health information from being disclosed without the patient's consent or knowledge. So, as a provider, we have an obligation to protect that privacy. So, we have administrative and technical safeguards in place to assure that we keep your information safe, but there's also responsibility on the patient's side.
Host: And we're going to talk about that as well, but with all the misinformation going around, Alex, have any HIPAA requirements been changed during this pandemic?
Alex: No, they have not.
Host: Okay, so people are concerned and thank you for that, about Telehealth is this a risk for privacy issues as more and more people are using Telehealth for mental health issues and for all sorts of visits. And I personally don't see it going anywhere, anytime soon. I think we've realized that Telehealth is an excellent avenue for a way to reach out to your healthcare provider. What do we know about Telehealth and privacy issues?
Alex: Well, absolutely it is something that you do need to take into consideration, and there has been some relaxation on the technology that providers can use for Telehealth. Obviously providers don't want to use FaceTime. They can use Zoom as another avenue, but they have relaxed those safeguards and whether that will remain in place after the pandemic, is yet to be seen.
Host: So no FaceTime. That's very interesting to note. Thanks for that. And now I'd like really, before we get into some more of these details, I want your best advice on how we can keep our private medical information safe and secure. What do you want us to know? And what do you want us to do?
Alex: Well, I think, when we have disasters and pandemics, it just really opens up more criminal activity. People, those criminals prey on fear. So, one of the targets is your medical information and they're getting more and more savvy. And when they do get your information, they can sell it. They can use it to place false claims, prescription drugs, medical equipment. So, it's important that you're aware of what people are asking for you, what type of information and how they're asking it from you.
Host: Yes, that's really the crux of it, right? Is how they're asking it from you. So, what about something like sharing public health information with public health authorities, in the case of a pandemic? They're recording who has COVID, who tests positive, or if a kid comes down with something like whooping cough, these kinds of things are reported. Where does that fit into this privacy avenue we're discussing?
Alex: Well, we, as an organization, as providers, we're required by law to share that information with the public health. I think where patients need to be more vigilant is when they're receiving emails from senders they don't know who they are asking for very specific information. Whether they want insurance information, whether they're saying, hey, sign up for this vaccine, they're asking for money. There's just certain things that you should be looking at and not opening attachments in emails that you don't know who the sender is.
Host: I think that's really good advice across the board, really. Now, what if it is your employer? If they're requiring frequent testing. Now, my daughter has just started testing even though she's doing virtual school online; for badminton, they're doing a spit test twice a week now. So, what are our rights to privacy there? If it's your employer or if it's the school system and anything else starts to crop up? I mean, obviously they're going to know the results of a COVID test, but can anything else be shown from some of these things?
Alex: No. In respect to your employers, your health information is confidential. So, they may screen you upon entering work. They may require COVID testing and we will be required to report that to the department of public health, but they need to keep your medical record information separate from your employee file. So, they can't go ahead and disclose it to anybody else in the organization. Now they may have to obviously inform directors or supervisors in your area because we do want to keep our coworkers safe as well, but they really cannot disclose that information. It's private health information.
Host: Well, it's weird because they can't even disclose when somebody does test positive for COVID. We get these letters, you know, in an email that say someone tested positive at this school. But of course, nobody knows who it is, right? That's part of that important privacy. What about the vaccination situation? We had to put in specific information when we are signing up to be vaccinated and maybe even in the future, we might have to show proof of vaccination, showing papers, as it were. Tell us a little bit about this kind of privacy. Is that eroding a little, or is that, what is that?
Alex: I don't think it's eroding, but I think people need to be careful of what they're sharing. There is information on the vaccination card that could be forged or replicated to sell of course by criminals. But it is, important information for the safety of the public. And you know, sometimes that last piece of information that may be on your vaccination card is what that hacker is looking for. You know, these hackers are very savvy, so they're trolling social media. I think that's what comes to my mind when people are so excited that they've been vaccinated, which they should be, but showing certain information that's on your vaccine card could put you at risk.
Host: I think one of the things we've heard about over the years, is well, I mean, the stigma around mental health, and if you see a mental health professional, is that now something that other employers or wherever can find out that you have visited one of those kinds of physicians or healthcare providers. The same with a genetic counselor if you go to a genetic counselor and you find out that you have the BRCA gene mutation? Is this now something that's going to be shared with the life insurance companies and the whoever it is, future employers? What information Alex is protected?
Alex: Almost anything in your health record is protected. And can't be released without the patient's authorization. And that goes, and there's even more layers of protection for mental health records. So, really it's outside of certain treatment payment and healthcare operations that providers need to share information with, all other disclosures are at the consent of the patient. And again, mental health diagnoses or mental health records, have a little extra layer of protection.
Host: That's so encouraging to hear. So, before we wrap up, what do you think the most important message is here? What would you like listeners to know about their medical privacy and safeguarding their medical privacy especially during a pandemic, when it seems that everything we're discussing has to do with health of individuals? And it seems like everybody knows what everybody else is doing, but that's not really the case, right? So, wrap it up with your best advice about how this is all tying together to really keep us safe and secure so that we don't feel violated when we are visiting a mental health professional, or getting those vaccinations or getting a COVID test.
Alex: Sure. Again, I think everyone needs to be vigilant, even more so during a pandemic. I think providers are doing their best to assure the safety of patient health information at all times, but it is also the responsibility of the patient to make sure that they are being vigilant as well. So, making sure that you're not sharing personal health information with people who don't need to have that information. Not sharing anything over an email or over the phone, unless you know who you're speaking with. Shredding information, checking your metal core records. A lot of times people don't even know what's in their medical record or may even identify something in their medical record that wasn't even theirs, which could be a potential, you know, medical identity theft situation.
So, it's just really important that people stay vigilant. Contact their healthcare provider, if they have any concerns or their health insurance, if they have any concerns. It's just unprecedented times. And unfortunately there are people who take advantage of these times. So, it's just important to make sure that you are aware of what's going on in your record.
Host: See, I think that's the most important message. And thank you so much for reiterating that, is that we have to be aware of scams of as you say, people that are trying to get this information for their own gains. So, we have to be vigilant. We have to be aware and we have to be alerted and know what's in our medical record.
So, thank you for coming on and sharing your expertise and to learn more about your medical privacy rights, you can visit hhs.gov and search for HIPAA. And if you have concerns about COVID, we encourage you to check the Henry Mayo website@henrymayo.com and click on the virus link at the top of the page for more info.
That concludes this episode of It's Your health Radio with Henry Mayo Newhall Hospital. Share this show with your friends and family, because maybe it might just help for someone to be more aware of medical privacy issues and possibly prevent something from happening. So, share this show on your social media. I'm Melanie Cole. Thanks so much for listening.
Safeguarding Your Medical Privacy
Melanie Cole (Host): Have you been asked for medical information during the pandemic? Does your employer require frequent testing or you were asked for specific information when you signed up to be vaccinated? How can you keep your private medical information safe and secure? Welcome to It's Your Health Radio with Henry Mayo Newhall Hospital. I'm Melanie Cole and joining me today is Alexandra Hollenbach. She's the Director of Health Information Management at Henry Mayo Newhall Hospital. Alex, I'm so glad to have you join us today. And this is a really great and very important topic. So, tell us what's going on as far as medical information, privacy and information sharing during this pandemic.
Alexandra Hollenbach (Guest): Well, more than ever, it's very important that people understand how their health information is being used and what the provider's responsibility is. We know on our side, that patients have very strong rights under HIPAA, which stands for the Health Insurance Portability and Accountability Act. And in a nutshell, it's a federal law that protects sensitive patient health information from being disclosed without the patient's consent or knowledge. So, as a provider, we have an obligation to protect that privacy. So, we have administrative and technical safeguards in place to assure that we keep your information safe, but there's also responsibility on the patient's side.
Host: And we're going to talk about that as well, but with all the misinformation going around, Alex, have any HIPAA requirements been changed during this pandemic?
Alex: No, they have not.
Host: Okay, so people are concerned and thank you for that, about Telehealth is this a risk for privacy issues as more and more people are using Telehealth for mental health issues and for all sorts of visits. And I personally don't see it going anywhere, anytime soon. I think we've realized that Telehealth is an excellent avenue for a way to reach out to your healthcare provider. What do we know about Telehealth and privacy issues?
Alex: Well, absolutely it is something that you do need to take into consideration, and there has been some relaxation on the technology that providers can use for Telehealth. Obviously providers don't want to use FaceTime. They can use Zoom as another avenue, but they have relaxed those safeguards and whether that will remain in place after the pandemic, is yet to be seen.
Host: So no FaceTime. That's very interesting to note. Thanks for that. And now I'd like really, before we get into some more of these details, I want your best advice on how we can keep our private medical information safe and secure. What do you want us to know? And what do you want us to do?
Alex: Well, I think, when we have disasters and pandemics, it just really opens up more criminal activity. People, those criminals prey on fear. So, one of the targets is your medical information and they're getting more and more savvy. And when they do get your information, they can sell it. They can use it to place false claims, prescription drugs, medical equipment. So, it's important that you're aware of what people are asking for you, what type of information and how they're asking it from you.
Host: Yes, that's really the crux of it, right? Is how they're asking it from you. So, what about something like sharing public health information with public health authorities, in the case of a pandemic? They're recording who has COVID, who tests positive, or if a kid comes down with something like whooping cough, these kinds of things are reported. Where does that fit into this privacy avenue we're discussing?
Alex: Well, we, as an organization, as providers, we're required by law to share that information with the public health. I think where patients need to be more vigilant is when they're receiving emails from senders they don't know who they are asking for very specific information. Whether they want insurance information, whether they're saying, hey, sign up for this vaccine, they're asking for money. There's just certain things that you should be looking at and not opening attachments in emails that you don't know who the sender is.
Host: I think that's really good advice across the board, really. Now, what if it is your employer? If they're requiring frequent testing. Now, my daughter has just started testing even though she's doing virtual school online; for badminton, they're doing a spit test twice a week now. So, what are our rights to privacy there? If it's your employer or if it's the school system and anything else starts to crop up? I mean, obviously they're going to know the results of a COVID test, but can anything else be shown from some of these things?
Alex: No. In respect to your employers, your health information is confidential. So, they may screen you upon entering work. They may require COVID testing and we will be required to report that to the department of public health, but they need to keep your medical record information separate from your employee file. So, they can't go ahead and disclose it to anybody else in the organization. Now they may have to obviously inform directors or supervisors in your area because we do want to keep our coworkers safe as well, but they really cannot disclose that information. It's private health information.
Host: Well, it's weird because they can't even disclose when somebody does test positive for COVID. We get these letters, you know, in an email that say someone tested positive at this school. But of course, nobody knows who it is, right? That's part of that important privacy. What about the vaccination situation? We had to put in specific information when we are signing up to be vaccinated and maybe even in the future, we might have to show proof of vaccination, showing papers, as it were. Tell us a little bit about this kind of privacy. Is that eroding a little, or is that, what is that?
Alex: I don't think it's eroding, but I think people need to be careful of what they're sharing. There is information on the vaccination card that could be forged or replicated to sell of course by criminals. But it is, important information for the safety of the public. And you know, sometimes that last piece of information that may be on your vaccination card is what that hacker is looking for. You know, these hackers are very savvy, so they're trolling social media. I think that's what comes to my mind when people are so excited that they've been vaccinated, which they should be, but showing certain information that's on your vaccine card could put you at risk.
Host: I think one of the things we've heard about over the years, is well, I mean, the stigma around mental health, and if you see a mental health professional, is that now something that other employers or wherever can find out that you have visited one of those kinds of physicians or healthcare providers. The same with a genetic counselor if you go to a genetic counselor and you find out that you have the BRCA gene mutation? Is this now something that's going to be shared with the life insurance companies and the whoever it is, future employers? What information Alex is protected?
Alex: Almost anything in your health record is protected. And can't be released without the patient's authorization. And that goes, and there's even more layers of protection for mental health records. So, really it's outside of certain treatment payment and healthcare operations that providers need to share information with, all other disclosures are at the consent of the patient. And again, mental health diagnoses or mental health records, have a little extra layer of protection.
Host: That's so encouraging to hear. So, before we wrap up, what do you think the most important message is here? What would you like listeners to know about their medical privacy and safeguarding their medical privacy especially during a pandemic, when it seems that everything we're discussing has to do with health of individuals? And it seems like everybody knows what everybody else is doing, but that's not really the case, right? So, wrap it up with your best advice about how this is all tying together to really keep us safe and secure so that we don't feel violated when we are visiting a mental health professional, or getting those vaccinations or getting a COVID test.
Alex: Sure. Again, I think everyone needs to be vigilant, even more so during a pandemic. I think providers are doing their best to assure the safety of patient health information at all times, but it is also the responsibility of the patient to make sure that they are being vigilant as well. So, making sure that you're not sharing personal health information with people who don't need to have that information. Not sharing anything over an email or over the phone, unless you know who you're speaking with. Shredding information, checking your metal core records. A lot of times people don't even know what's in their medical record or may even identify something in their medical record that wasn't even theirs, which could be a potential, you know, medical identity theft situation.
So, it's just really important that people stay vigilant. Contact their healthcare provider, if they have any concerns or their health insurance, if they have any concerns. It's just unprecedented times. And unfortunately there are people who take advantage of these times. So, it's just important to make sure that you are aware of what's going on in your record.
Host: See, I think that's the most important message. And thank you so much for reiterating that, is that we have to be aware of scams of as you say, people that are trying to get this information for their own gains. So, we have to be vigilant. We have to be aware and we have to be alerted and know what's in our medical record.
So, thank you for coming on and sharing your expertise and to learn more about your medical privacy rights, you can visit hhs.gov and search for HIPAA. And if you have concerns about COVID, we encourage you to check the Henry Mayo website@henrymayo.com and click on the virus link at the top of the page for more info.
That concludes this episode of It's Your health Radio with Henry Mayo Newhall Hospital. Share this show with your friends and family, because maybe it might just help for someone to be more aware of medical privacy issues and possibly prevent something from happening. So, share this show on your social media. I'm Melanie Cole. Thanks so much for listening.