How to Own and Control Your Medical Records in the Age of Ransomware

Most hospitals and health systems, including smaller medical centers and clinics, provide access to patient portals—for physician/patient communications, booking appointments, bill payments… and for storing and sharing medical records.

However, you cannot rely on any medical portal to protect your information. Cast aside the false sense of security that HIPAA provides. HIPAA in and of itself does not create impenetrable fortresses that prevent hackers and ransomware operators from blocking access to your medical records.

We live in a new world of rampant ransomware pirates whose acts of sabotage and greed are not limited to gas pipelines, meat-processing plants, and phishing expeditions. Healthcare is now firmly in the crosshairs of hackers wanting to separate institutions from their data—including your critical medical records!

Recently, the patient portal of Scripps Health, a hospital system in San Diego, was breached and held hostage by a ransomware attack. It led to an information technology blackout, and the need to divert both staff and patients to nearby hospitals and clinics. For that period, communications and record-keeping was handled with pen and paper.

Enjoying this article? Subscribe so you don’t miss the next one. We’ll also send an excerpt from Glenn’s book, n of 1.

Last September a ransomware attack froze a chain of over 250 U.S. hospitals and clinics, forcing immediate, temporary changes to ensure continuity of critical heart rate and oxygen monitoring.

Under Federal law, providers are only required to publicly report data breaches when over 500 patients are affected.

During 2020, at least 23 million patient records were breached. For 2021 to date, over 16.6 million records have been breached. Experts believe that these numbers are undercounts.  This is an alarming, rising trajectory that portends real trouble. Missing patients’ records put patients at risk regardless of whether the hospital is in a ransom situation or not.

The driving point of this commentary is about you keeping control of your medical records.

Yes, in a ransomware situation, your privacy may be compromised, but your health is not compromised when you have the documentation to direct professionals that are caring for you.

Having full control of your comprehensive health and medical records is essential, especially if you are actively being treated for a chronic health condition. That self-management is a timesaver and potential lifesaver.

Having your complete records instantly retrievable will streamline all processes of dissemination to provide content with medical providers outside the portal system, and to confirm data is accurate to those who are in the portal system.

[Related content: Your Cancer Privacy]

How to Easily Control Your Medical Records

I advocate for an old-school, low-tech approach to compiling, organizing, and saving your medical records, a system anyone can create and maintain without paying a subscription fee.

Paper

  • The next time you communicate with or visit your medical provider, request a printout of ALL of your clinic notes and test results—ex., blood tests, imaging, prognostication assays from the past. If this proves impossible, then have them sent electronically to you for printing and storage, or to a family member who is willing to print them for you. Or, if available, download and save and print from the patient portal.
  • Make this same request from your other providers, past and present.
  • At each subsequent visit, after you have obtained all the history, make it an ongoing practice to request a paper printout from each and every physician visit—clinic notes and test results. Or, if available, download and save and print from the patient portal.
  • Organize your medical records in reverse chronological order, with the most recent data at the top of the stack.

Electronic

  • Scan all the paper records you obtain. This is your backup to your paper copies. Most phones have decent cameras if you don’t have a scanner.
  • Store the created files on the hard drive of your computer and on an external drive, or have a family member or friend assist you.

If you store your copies in a paper file, and on your computer, you can still store them in the cloud as yet another backup.

Enjoying this article? Subscribe so you don’t miss the next one. We’ll also send an excerpt from Glenn’s book, n of 1.

In 1991, years before patient portals, when I was diagnosed with leukemia,

I put the paper and computer backup process in place for myself. I had copies of everything, therefore I didn’t have to rely on medical providers mailing or faxing records that I needed to quickly share with other providers.  It was invaluable as I researched and queried various specialists in a variety of specialties. I always held the complete map of my journey.

My complete history was an arm’s length away. This was instrumental for the preparation of writing n of 1, as well as the peer-reviewed, published case capturing my clinical journey—everything was accessible in paper and digital form. It was enough work to go through 25 years of medical records without having to chase down, say, decades-old bone marrow biopsy pathology reports.

Be Active in Your Wellness Journey

Sometimes the most basic, straight-forward ways are undervalued. In this ransomware environment—in any environment—you must own and control your comprehensive medical records so you can review and share them whenever, and as, you deem appropriate.

Get used to leaving every medical-related appointment with a printout of your data, or an electronic file on your device (or portal) that you can print at home. Prioritize that and you will remain up-to-date with ‘owning and controlling’ your medical records.

Photo credit: bigstock.com/diy13