The Health Insurance Portability and Accountability Act — or HIPAA, for short — was enacted last century and served to protect the privacy of patients at that time. But things have changed a lot since then, and a growing number of experts say it’s now become woefully insufficient at addressing modern concerns.
The rise of third-party trackers
When you go to a hospital or almost any type of healthcare facility, chances are it uses a system that allows external tracking software to access potentially sensitive information about your visit.
In fact, the University of Pennsylvania determined that a staggering 99% of U.S. hospitals use websites that have such an arrangement.
A number of companies — including GoodRx and BetterHelp — have already faced fines for sharing patient data with Google and Facebook, among other tech firms.
Fortunately, regulators are starting to take notice.
The Department of Health and Human Services’ Office for Civil Rights launched an investigation into the situation, as well as how HIPAA can be updated to respond to these complex digital-age issues.
What information might be at risk?
It seems that the biggest security issue facing most patients is that it’s just not clear how these third-party trackers are using the information they access — or even what that data includes.
We already know that lenders and employers can use our digital activity to help determine whether we’d be a good candidate for a loan or a quality job applicant. That can involve our social media posts, the apps we download on our phones, or even what we search for on Google.
And privacy advocates believe that health-related information might also be included in the mix.
Whether it causes a job loss or higher insurance premiums, there’s no upside when Big Tech gets its hands on personal data.