Securing Your Medical Identity on Social Media: "My Current Situation"

How often have we seen selfies posted on social media with the caption, "my current situation?" The answer, too often. Most are completely unaware of the detailed information that lies within that hospital band leaving them vulnerable to identity theft. Healthcare professionals are required to protect your healthcare information.

Your hospital bands are actually used as an internal mechanism for hospital staff to identify patients. Prior to the Health Information Portability and Accountability Act of 1996, those bands would identify you by social security number. With fraud and identity theft on the rise the HIPAA Act of 1996 required medical providers to no longer use social security numbers and instead identify the patient with an MR (medical record) or MRN (medical record number). The HIPAA law includes provisions to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also defines requirements for the privacy and security of protected health information.

On your bands are your date of birth and patient account number sometimes referred to as an encounter number that represents a particular visit or series of visits when there is an inpatient stay. Your MRN follows you forever, while your encounter/visit number is created per visit. The barcode serves as a purpose to further identify you, charge capture of hospital supplies and eliminate medication errors. Your wristband could also be color coded for the safety of yourself or for the hospital staff caring for you. Some colors represent infectious diseases like HIV or hepatitis, that you are at risks for falls or are on oxygen.

All of this information is the perfect recipe for an experienced hacker to commit insurance fraud and identity theft. It's no different than taking a picture of your driver's license and sharing it with your social media friends. As a patient you should know your rights in the event of a breach.

So, as a patient how do you protect yourself? First, refrain from sharing this information with others. Secondly, know your rights as a patient. If you feel your records have been compromised you have the right to request copies of your records and the names of hospital staff who have accessed your records.

If you'd like to learn more visit https://www.healthit.gov/sites/default/files/YourHealthInformationYourRights_Infographic-Web.pdf