May 24, 2019 - Technology
Series / What they know about you

What your hospital knows about you

Illustration of a neon sign in the shape of a health plus with an information "i" in the center.

Illustration: Aïda Amer/Axios

Every trip to a doctor's office or hospital adds more information to a deep, comprehensive record of who you are — physically, emotionally and even financially.

Why it matters: Health care data breaches are more common than ever, putting our most sensitive personal information at risk of exposure and misuse.

How it works: A vast majority of doctors' offices and hospitals now use digitized records systems, and even though electronic health records have pitfalls, they can help patients and the health care system overall.

  • For example, if new doctors or emergency-room nurses can quickly pull up a list of your allergies, they're a lot less likely to accidentally give you a drug you're allergic to. If they can see your recent test results, they're less likely to order a new and unnecessary test.

Yes, but: "No one truly understands there's no such thing as deleting information from a health care file," said Pam Dixon, executive director of the World Privacy Forum. "You cannot push the rewind button."

  • The federal law called HIPAA limits the ways doctors and hospitals can share patients' health data. However, intentional hacking and inadvertent leaks are still common.
  • And it's often difficult to access your own records — to see for yourself what your doctor or hospital is able to see about you.

The medical details: Health records house more information than most people may realize.

  • They contain all the obvious stuff: Height, weight and age; every appointment, vital sign, allergy, test, surgery, procedure and scan; and any prescription drugs you take, or have taken in the past.
  • Everything else you, your family or your friends divulge to doctors also gets recorded. That could include describing your drinking habits, admitting responsibility in a car accident, sharing marital problems or even sending a Christmas card.
  • "Whatever you tell them is fair game to go into your file," Dixon said. "Even though it seems obtuse, if you wrote something deeply personal in that [Christmas] card, it could be open to public exposure."

The financial details: Insurance and contact information are always on file.

  • Hospitals' billing departments also have more personal financial information — like debit and credit card numbers — because insurance plans keep requiring patients to pay more out of pocket.

But that's not all: Uninsured or low-income patients can apply for hospitals' financial-assistance programs, but they have to prove they qualify.

  • That usually means handing over tax returns, pay stubs, bank statements or other relevant financial information. (Hospitals can — and do — seize those assets to cover unpaid bills.)
  • "It sort of feels like you're being Mirandized," said John Hennessy, chief business development officer at WellRithms, which reviews medical claims and bills.

The bottom line: All of this information can be exposed in data breaches, but also in medical malpractice lawsuits, workers' compensation lawsuits or custody disputes.

Go deeper: Learn what other companies know about you

Go deeper