Sunday, March 20, 2011

Protecting Your Health Privacy
a book review

Protecting Your Health Privacy,  A Citizen’s Guide to Safeguarding the Security of Your Medical Information by Jacqueline Klosek is a comprehensive study of the law as concerns medical privacy.  The author is an attorney who specializes in privacy concerns and has published several other related books.  More information can be obtained at her website.

The book starts with a thorough review of the major laws governing health privacy, in particular HIPAA (Health Insurance Portability and Accountability Act) with its updates and the more recently passed HITECH Act.  There’s briefer coverage of other laws which also impact medical privacy including the Privacy Act of 1974, Alcohol and Drug Abuse Regulations, Family Educational Rights and Privacy Act (FERPA), Americans with Disabilities Act (ADA), the Genetic Information Nondiscrimination Act, and others.   All this is reviewed in a concise and lucid fashion.

The next chapter contains the information that patients need to protect their privacy.  It covers all aspects of an individual’s interactions with their medical providers in terms of obtaining access to their medical records and resolving disputes about them.  It outlines your right to privacy notices and how to restrict access to your records.  Any questions you may have concerning practical ways to obtain and protect your medical information will be answered.  Another chapter deals with personal health records, the services that Google, Microsoft and others are now offering patients to consolidate their medical records online and be able to make them available to any provider that needs them.  The author is more optimistic than I am that this is a valuable service that will also protect your privacy.  I think their potential for abuse is greater than their value, but the information is given for any who are interested.

There is also a section of concern to many, the laws governing employers’ ability to obtain and use your medical records.  This affects your employability and your chances for promotion.   Also covered are wellness programs at work, employers’ ability to monitor off duty conduct, and employers access to any social networking sites you may use.

A special section also reviews privacy issues when special protection may be needed.  The law may or may not afford such protection.  This includes mental health issues, addiction, and other socially stigmatized diseases such as HIV.  Anyone who suffers from these disorders should be fully aware of the special protection that the law may provide them.

Jacqueline Klosek
The rest of the book covers topics of broader interest which are not directly applicable to patient interactions.  Topics covered include data mining of medical information by companies and corporations.  Of special concern is the widespread data mining of your prescription information.  Suggestions are given as to how to protect yourself from this.  Another section deals with outright data theft and the various situations where it can occur including full medical identity theft wherein someone can obtain medical care under your name and you will receive the bill.

I have stressed the aspects of this book that are most pertinent to individuals seeking their own health care.  The book is equally of interest to physicians, other providers, businesses, and attorneys.   It could be used as the basis for a comprehensive course.  I personally wish the book had been organized a bit differently so that interested individuals would be directed easily to sections of greatest interest to them.   Nonetheless I know of no better reference source on this topic.


Doug Capra said...

This issue becomes more and more important as social media and smart phone applications become popular. Both patients, doctors and nurses will more and more store this private information on their phone apps or ipads and carry it around with them. What happens if a device is lost or stolen? Few people password protect their devices today. Another problem I see on various blogs -- the HIPAA and other regs have become so huge that a significant number of professionals don't understand some them. It's difficult to separate the really important ones from those less important.
That's why a book like this is so important for both patients and medical professionals.
Fine review, Joel.

Jan Henderson said...

My health care provider for the past 16 years has been Kaiser Permanente. During that time I noticed that they introduced the requirement of producing a photo ID for each appointment, which speaks well to their awareness of the issue of medical identify theft.

Their enforcement of HIPPA can be very stringent, I discovered. I teach in their Wellness Center and often have elderly students in my classes who need a family member nearby to make sure they find their way home. Kaiser’s interpretation of HIPPA privacy was that only enrolled students could be in the class (not because they’d be getting a free class, but to protect the other students’ privacy). I once had a student who was blind and needed someone to show her what I was demonstrating with my hands. In a case like this, there needs to be some flexibility, which is not always easy in a large bureaucracy.

This is off the topic of privacy, but I’ve been positively impressed with Kaiser’s delivery of health care – their computerized medical records, physician availability nights and weekends (usually with no wait time), and their history of promoting and supporting prevention programs.

I do feel I’ve never been well-informed about my patient privacy rights, however. For example, if I had an issue of mental health (which “feels” separate because it’s treated in a physically separate facility), would my primary physician be informed? Suppose I preferred to limit who had access to that information? I feel totally uninformed about who knows what.

There are grounds for optimism on those patient privacy issues that can be clearly identified and can be addressed through policies and laws. There are areas that still need special attention, of course, as you point out. Someday we may get to a point in health care where patients are truly confident that insurance companies (or their equivalent in the future) will not be able to use information to deny coverage. At that point, some of the trickier need-to-know issues of privacy may be easier to handle.

Addressing issues of patient modesty, on the other hand, will probably always be much more complex.

Anonymous said...


Do a search and you will see many well known and published cases
of Hipaa violations within that medical community.


Jan Henderson said...

Thanks, PT. I see what you mean. It’s a preformatted Google search term. And the problem includes identify theft. I read Matthew Holt’s take on the whistle-blower suit (, and his analysis seems reasonable to me. But I’m no expert on this.

Anonymous said...

As an example please see the recent
fine against UCLA medical center
for $865,000 levied for privacy
breeches regarding hollywood
celebs. This was not the first
time this occurred against these
medical facilities. Nursing schools
and medical institutions don't seem
to drive these issues home do they.