Personal medical information most people assume would never leave their doctor’s office may be on sale to anyone who has the cash, the I-Team has found.
That information includes patients’ names, birthdays, ailments and medications, all for sale in a lucrative underground medical marketplace.
For less than $1 a name, the I-Team purchased medical information for hundreds of New York-area residents. The people on the list were shocked to find out how much the I-Team knew about them.
“I’m really concerned about how they got this information,” said Nidia Sanchez, of the Upper West Side after a reporter showed her her birth date, Medicaid number and diabetic condition on the list. “I’ve got to go pursue this issue now.”
The I-Team purchased the database from a company called Lead Publisher, which claims that everyone whose name is on the list has consented, usually by taking an internet survey. A company representative did not return calls seeking comment.
But several people interviewed said they had never consented to share their private medical histories.
Victor Niewiadomski, 84, of Brooklyn said he doesn’t even have a computer.
“There must be some law against this,” Niewiadomski said. “I’m sure if they’re doing it they know they can get away with it.”
That may be about to change, medical experts say. While it is illegal to sell private medical information without a patient’s consent, with a few exceptions for research and public health purposes, until now third party vendors have largely gone unpunished.
But an update to federal health policy laws (HIPAA) that was made earlier this year will be enforced starting Monday. That means businesses that sell your private information will be subject to new civil penalties, experts said.
According to the Federal Trade Commission, there is good reason to be concerned if your medical data goes public. If a thief got hold of your name or health insurance numbers, he could use it to see a doctor, get prescription drugs, file insurance claims and get other care. And if that person’s medical information gets mixed up with yours, that can affect your care, insurance payments and credit, the FTC says.
To make sure your medical information has not been shared improperly, the FTC says to read your medical and insurance statements regularly and completely. Check to make sure the name of the provider, the date of service, and the service that was provided are all accurate. If you see a mistake, contact your health plan and report the problem.
Other possible signs of trouble include: a bill for services you didn’t receive, a call from a debt collector about medical debt you don’t owe or medical notices on your credit report you don’t owe.
If you suspect your information has been shared without your permission, the FTC says you have the right to get copies of your medical records, although you may have to pay for them. Each medical provider or health plan also must tell you any of your medical information that was shared, when it was shared, with whom and why. Ask your health care provider to correct any errors in your records.
Sanchez said she was going to set about tracking down how her information got out.
“Fraud, all the way,” she said when asked what she thought about her information being available for a price. “Someone is getting this. How?”