The insights health-care entities have about the people they serve are extensive, and issues arise when this information is misused or accidentally compromised. Shockingly, 78% of health-care workers lack data privacy and security preparedness, which caused vulnerabilities that contributed to a total data breach cost to the industry of $6.2 billion in 2016.
This is detrimental to the businesses involved, but what are the repercussions for individuals when their health information is mismanaged? At best, they’re embarrassed, but at worst they may face reputational, financial, or employment-related impacts.
Aetna fall-out: The consequences of stigma and discrimination for those whose data is breached
A prime example of employee negligence in handling sensitive information involves the insurance company Aetna. In 2017 they accidentally disclosed the HIV status of thousands of customers when they sent them a letter in a window envelope whose opening was large enough for the letter's contents to be read. This was an unfortunate case where a mistake led to a privacy breach that had serious and long-lasting impacts on the people affected.
Aetna’s actions left people extremely vulnerable and exposed. Not only family, but roommates and complete strangers could have been exposed to their private health information. In some cases, this caused emotional distress due to discrimination and harassment, with many people resigning from their jobs and unable to face the stigma. Some even had their homes vandalized and felt it necessary to move. While the stigma surrounding HIV may be less severe than it used to be, the reality is that serious discrimination still exists.
Our right to privacy is linked to the values we hold as a society around individual and personal autonomy. The Aetna breach is an extreme example of the severe repercussions that follow when this right to privacy is taken away from us. Protecting patient confidentiality is critical to ensuring people feel safe when they receive their health care.
HIPAA: Keeping patients at the center of things
How do we know that our personal health information is not going to be accessed by external parties or used to our detriment? This is more serious than a compromised password. Biometric, genetic, and some health information cannot be reset or changed at will.
Regulations such as HIPAA are vital to ensuring that the security and privacy of health information are top of mind for all health-care providers. HIPAA is important because it requires that electronic personal information be collected, used, and disclosed within appropriate technological and procedural safeguards. For example, HIPAA has rules that guide health-care organizations and restrict who can view health information. HIPAA also gives agency to patients by allowing them control over who their information is released to.
Health-care providers need to ensure that they’re following the rules and keeping patients’ wellbeing at the center of all decisions. Aetna had to settle for $17 million. Other companies have paid more because of lawsuits or fines imposed for HIPAA violations. If we add to that the impact a breach has on reputations, the costs are substantial.
Having a privacy program in place under which personal health information is collected, used, disclosed, retained, and disposed of in a secure manner ensures that your patients are protected and that health-care organizations can serve them more effectively.