It’s not the technology that has privacy experts like Peel most concerned, however. What troubles her is the loophole in existing law that gives thousands of companies — including self-insured employers, drug companies, banks and marketing firms — legitimate access to patients’ medical records without their knowledge.
A 2003 amendment to the Health Insurance Portability and Accountability Act (HIPAA), which Congress passed in 1996 to ensure medical records could not be given out without a patient’s consent, carved out an exemption for companies who use the records for health-related business activities, such as processing claims or managing benefits.
The exemption is so broad, and enforcement of violations is so lax, that virtually anyone can access your records, Peel said.
“Across the nation, the public is just beginning to wake up to this because they haven’t been told it’s a problem,” Peel said. “Over 600,000 covered entities can see and use your medical records without your objection, and you have no recourse. I don’t know how you can call that privacy.”