CONSUMER NEWS RECALLS COMPLAINT FORM SCAM ALERTS

Small Claims Guide \| Class Actions \| Lemon Law \| FAQ \| Resources \| Newsletters \| Spanish
Automotive Education Electronics Family Finance Health Homeowners Shopping Travel

Health Care Agencies Violate Patients' Privacy

GAO: 40% of Insurers, Medicare/Medicaid Offices Lost Data

By Martin H. Bosworth
ConsumerAffairs.com

September 6, 2006

• GAO: Government Can Do More to Protect Personal Data
• US Search Agrees to Stop Selling Private Credit Data
• TSA Site Left Passenger Data Exposed To ID Theft
• Connecticut Governor Wants 'Opt Out' For Online Directories
• Verizon Gave Customer Data To Government Without Court Orders
• House Democrats Probe Warrantless Surveillance
---
• More Privacy News ...

As the federal government pushes harder for electronic sharing and storage of medical records, privacy and security advocates have been raising concerns about the potential for data breaches and misuse and a new government report supports those fears.

A report issued by the Government Accountability Office (GAO) reveals that privacy breaches have been rampant among state, national, and military health care agency contractors since 2004.

According to the GAO report, 40 percent of health insurance contractors and state Medicare/Medicaid offices experienced data breaches in the last two years.

The report also found that vendors contracted to provide health technology needs heavily outsourced their work to other contractors, many of whom may have been outside the United States.

Although the agencies surveyed rarely outsourced their work offshore directly, "[s]ome federal contractors and state Medicaid agencies did not always know whether their domestic vendors engaged in further transfers of personal health information domestically or offshore. Others indicated that they did not have mechanisms in place to obtain such information," the report said.

Among the report's findings:

• One privacy breach occurred in 2004 when a vendor tasked to collect data from patient surveys in California outsourced the task to another vendor, who designed the survey in such a way that patients could see others' personal information. An offshore vendor for another project blackmailed the agency with threats of disclosing patients' personal information unless they received payment for their transcription services.

• The agencies overseeing the Medicare, Medicaid, and TRICARE military health programs have differing requirements for reporting privacy breaches. While the TRICARE Management Agency (TMA) required notification of privacy breaches from all of its contractors, the Centers for Medicare and Medicaid Services (CMS) did not require it from Medicare Advantage plan contractors or state Medicaid agencies. In comments appended to the report, CMS concurred with the findings and detailed its plans to improve practices.

• The GAO recommended that the agencies extend their privacy practices to all contractors and subcontractors, and perform regular monitoring and oversight of every vendor they use to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), and the 1974 Privacy Act, both of which regulate government agencies' collection of personal and medical data.

"We believe that federal contractors and state Medicaid agencies should be held accountable for how well personal health information, held by them or disclosed to their vendors, is protected," the report concluded.

It's not the first time the GAO has taken government agencies to task for failing to secure Americans' personal data in their operations.

A September 2005 report found that while agencies such as the IRS and FBI had authorized some data privacy regulations, none of the agencies surveyed had fully implemented all of the necessary rules to ensure privacy needs were met.

A January 2006 report found that government agencies had vastly different requirements for the handling of Social Security numbers by contract vendors the agencies outsourced business to. This led to "gaps in oversight," and potential dangers for data breaches.

In the wake of the massive Veterans' Administration data breach stemming from the theft of a laptop, government agencies have said they are scrambling to lock down data and institute new privacy and security safeguards. But the number of reported breaches indicates there is still much more work to be done.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

July 9 2008

Print, mail, etc.

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F
Sign up now!

Consumer News & Alerts
Every Sunday
Sign up now!

Knowledge is free.
Knowledge is power.

Back to the top |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.