According to the president of the Patient Privacy Rights Foundation, about 800,000 companies, government agencies and other organizations can tap into your personal medical information "almost at will." Prescriptions are "an open book" to various companies that are not required to disclose their need for the information.
In 2002, the Department of Health and Human Services amended the Health Insurance Portability and Accountability Act to eliminate the consent requirement of accessing medical records as it relates to treatment, payment or health care operations. Specifically, the changes allowed the sharing of information not just among
doctors, but also among other "covered entities," which can include
business affiliates of health care organizations such as data
clearinghouses, accounting firms, law firms and even banks.
For example, the Federal Deposit Insurance Corp., the government's
banking regulator, has a policy saying that creditors aren't supposed
to use medical data in determining whether a person is eligible for a
loan. However, creditors who have such information may share it with
their "affiliates," according to the policy, and from there, it's considered credit information, not medical data.
Such information can even find its way into a person's credit scores and might
even affect the rate he pays on loans or his ability to get financing.
Source: "Your Medical Data May Not Be as Private as You Think" by Loren Steffy, published in the Houston Chronicle.
