There are laws that protect the privacy of your health information held by those who provide you health care services. But as it becomes easier to get and share your own health information online, you need to take steps to protect it. This applies whether you are downloading a copy of your health information, emailing your doctor, taking an online health survey, or using a variety of digital apps or devices to monitor your health.
Does HIPAA protect all health information?
No. You may have heard about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These are federal laws that set national standards for protecting the privacy and security of health information. Health information that is kept by health care providers, health plans and organizations acting on their behalf is protected by these federal laws. However, you should know that there are many organizations that do not have to follow these laws. Some examples of health information that are not covered by HIPAA include health information that patients:
- Store in a mobile app or on a mobile device, such as a smartphone or tablet.
- Share over social media websites or health-related online communities, such as message boards.
- Store in a personal health record that is not offered through a health provider or health plan covered by HIPAA.
Keep your electronic health information secure
Medical identity thieves could try to use your personal health insurance information to get medical treatment, prescription drugs or surgery. The best way to protect yourself against this possibility is to verify the source before sharing your personal or medical information. Safeguard your medical and health insurance information and shred any insurance forms, prescriptions or physician statements.
There are a number of ways you can help protect your electronic health information. Here are some tips to ensure your personal health information is private and secure when accessing it electronically:
When creating a password
- Use a password or other function on your home computer or mobile device so that you are the only one who can access your information.
- Use a strong password and update it often.
- Do not share your password with anyone.
When using social media
- Think carefully before you post anything on the internet that you don’t want to be made public – do not assume that an online public forum is private or secure.
- If you decide to post health information on a social media platform, consider using the privacy setting to limit others’ access.
- Be aware that information posted on the web may remain there permanently.
When using mobile devices
- Research mobile apps (software programs that perform one or more specific functions) before you download and install any of them. Be sure to use known app websites or trusted sources.
- Read the terms of service and the privacy notice of the mobile app to verify that the app will perform only the functions you approve.
- Consider installing or using encryption software for your device. Encryption software is now widely available and increasingly affordable.
- Install and activate remote wiping or remote disabling on your mobile devices. This allows you to permanently delete or lock data stored on a lost or stolen device.