Most of us have been treated by doctors and other providers for a good portion of our lives. This means we’ve got personal health information scattered, often across a very wide range of providers, clinics, hospitals and systems.

This information is important for providers, but it’s also important for us to know where our information is located. There are federal rules for security of this information, but unfortunately most providers and their clinics are not in compliance with these standards. Health data security breaches are an increasingly common problem that affects all of us. The sad truth is that your personal information is worth many times what your bank card numbers are worth to criminals.

What can health care consumers and patients do? There are a few practical steps to take.

  1. Make a list of all providers, clinics, hospitals and systems where you have been a patient, as far back as you can remember or document.
  2. Contact any of them that you do not intend to receive care from in the future. Request a HIPAA Permission Form from them.
  3. Fill out the form and withdraw permission for them to maintain your information. Keep a copy and send the original back to them.
  4. Request copies of all your health records from all the providers you’ve seen. You should not be charged for this service. Remember that you own your own health information; providers own the records, but the actual information (data) is yours, and you can re-assert control over where it is stored, and what people do with it.
  5. Each year your providers will give you a new HIPAA permission form. You have the right to not give them permission to share your information with anyone. Many drug companies and researchers pay for access to your personal information. You may not care if they do so, but if you do, you can withdraw permission for your providers to share that information.