It’s not surprising that hospital employees would be interested in the medical records of celebrities like Maria Shriver, Farrah Fawcett, Britney Spears and George Clooney.
But famous names may not be the only ones whose medical files are being snooped through, according to two medical experts.
Essentially, all medical records — including the average Joe’s — are up for sale to large corporations, research facilities and drug companies, said Dr. Deborah Peel, founder and chairwoman of Patient Privacy Rights, a non-profit advocacy group in Austin, Texas.
By signing a Health Insurance Portability and Accountability Act consent form, she said, you not only are giving your doctor and insurance company access to your medical records, but you may be giving them permission to sell your information, as well.
“The privacy rule requires health care providers to give patients a notice of privacy practices to provide them with important information on how their health information may be used and disclosed, as well as what their rights are with respect to their information and how the individual can exercise these rights,” says Linda Sanches, senior adviser for HIPAA Privacy Outreach, Office for Civil Rights, U.S. Department of Health and Human Services.
In other words, be sure to read very carefully before you sign on the dotted line.
Herrick also said many drug companies and researchers buy aggregated information so they can figure out which drugs work and which ones do not.
“The other aspect is commercial,” he said. “Let’s say AstraZeneca wants to know about heartburn or GERD. They want to know what you are taking, so they can sell you their drug.”
Sanches said for a health care provider (including doctors), health care clearinghouse (including public and private third-party billers) or health insurance plan to obtain that kind of information, there must be a signed authorization.
Advocacy groups promoting privacy rights are stepping out in light of recent, highly publicized breaches of confidentiality. On Monday, the media reported that TV newswoman Shriver, who is California’s first lady, was among more than 30 high-profile patients who had their confidential records breached at UCLA Medical Center.
Lawanda J. Jackson, the woman responsible in the Shriver case, is the same employee who sneaked into actress Farrah Fawcett’s medical records, officials told the Los Angeles Times on Sunday.
She resigned in May 2007, reportedly before officials could fire her, after UCLA learned of the widespread breaches, but patients were not notified, the hospital said.
In all, the employee improperly looked at 61 patients’ medical records in 2006 and 2007, according to state and local medical officials. These included those of Fawcett, Shriver and 31 other politicians, celebrities and well-known people, according to the Los Angeles Times. Names of the other patients were not disclosed.
The head of the UCLA Hospital System, Dr. David Feinberg, apologized for the breaches and said the woman behind them had been a “rogue” employee.
After being informed last week that his wife’s medical records had been accessed, Gov. Arnold Schwarzenegger issued a statement saying that “a breach of any patient’s medical records is outrageous.”
The secretary of the California Health and Human Services Agency, Kim Belshe, said Sunday that her agency is “very concerned about what appears to be a pattern of repeated violations.”
The state will be taking action against UCLA, she said.
This is the same facility that fired several employees for looking at Spears’ records when she was hospitalized in January.
In a similar violation, the medical records of Clooney and his girlfriend, Sarah Larson, were exposed to the press in September when the two were in a motorcycle accident in New Jersey. Palisades Medical Center suspended 27 employees in October, about a month after Clooney’s accident, for accessing the actor’s records, Peel said.