Get a Clue About What Databases Have on You
When it comes to car crashes and claims on your homeowners policy, it's good to be clueless. And if you think an A-Plus is always a good thing to get, think again.
That's because anyone who has had a car accident or made a claim on a homeowners insurance policy in the past five years likely has a CLUE, a record on the Comprehensive Loss Underwriting Exchange, or an A-PLUS, a record on the Automated Property Loss Underwriting System. Most people, however, don't have a clue about CLUE and A-PLUS, or how insurers use the information on those and other data repositories, such as MIB (Medical Information Bureau), to determine how much you pay for insurance or even whether you can make the grade to get insurance.
Meanwhile, health-care providers, dangling the carrots of better care, simplification, and cost-savings as potential benefits, are putting health records online, adding to concerns about identity theft and misuse of information.
Face it. Your personal information is out there. "There's a certain amount of your personal information that you can't protect," says Pam Dixon, executive director of the World Privacy Forum, San Diego, a research group that focuses on privacy issues.
It's downright daunting to know that your digital dossier resides in databases that you've never even heard of, and that people that you've never met have access to it. But these data repositories aren't new. MIB has been around for more than 90 years, for instance.
What's new is that the Internet--the same tool that puts a world of data at your fingertips--also makes it easier for thieves to get access to sensitive personal data. That's the price for making the information easy to access for those who can use it to make your life better by holding down your insurance costs or giving you better medical care.
Having your medical information available to medical professionals in an emergency could save your life.
National Health Information Network coming together
What's also new is the push to make medical records more easily available to a wider array of health-care professionals.
Personal health records maintained on Web sites need to have a built-in authentication process that ensures privacy and security of both access to the information and use of the information by medical professionals.
Dixon is concerned that technology is outrunning the safeguards. "Problems are cropping up that have not been fixed and are not being fixed at a fast enough rate to protect consumers," she says. "There are problems with altered records that do not leave an appropriate audit trail. Some do it right, others don't."
Keep in mind that these databases do benefit you. Having your medical information readily available to medical professionals in an emergency could save your life. Electronically transmitting a prescription from a doctor to a pharmacist reduces errors and speeds up the process. And CLUE, A-PLUS, and MIB help hold down the cost of your auto, home, life, health, and other insurance premiums by weeding out potential fraud.
Despite the best efforts of information keepers, hackers, laptop thieves, and unscrupulous insiders sometimes get their filthy hands on your data.
Having electronic records also will modernize and standardize, in some cases, very outdated computer systems and demand consistency. Paper or electronic, check your medical records with your employer, medical practitioners, and pharmacists just as you would check your credit report--on a regular basis--so no erroneous information exists in either format.
Mistakes and thefts happenBut what if bad information--a data entry error or a code typo--worms its way into your file? What if your medical information is stolen or falls into the wrong hands? Medical ID theft happens. Despite the best efforts of the information keepers, hackers, laptop thieves, and unscrupulous insiders sometimes get their filthy hands on your data. Someone could get surgery or some other medical service using your name, leaving you to pay the bill, or erroneous information may be added to your electronic record, which could lead to you getting the wrong treatment based on that erroneous information.
You've probably heard of ChoicePoint, the large database company that in 2005 acknowledged that criminals stole personal data of about 162,000 consumers by setting up fake companies and then obtaining data from ChoicePoint.
The CLUE database is one of many operated by ChoicePoint, whose databases include information about almost every American. If you were born, married, divorced, or sued, ChoicePoint probably has your data, and when you die ChoicePoint will have that, too. You can buy ChoicePoint reports on doctors and businesses. And employers can buy background checks on job candidates. Even though the compromised data is just a tiny number of the many millions of people whose records are on ChoicePoint computers, the data theft is unsettling.
There's a certain amount of your personal information that you can't protect.
ChoicePoint is not alone among database businesses that buy and sell your private information. And it is not alone among data keepers that have experienced breaches in privacy. A Sept. 5, 2006, report on InformationWeek.com says the Government Accounting Office (GAO) found that more than 40% of federal health insurance contractors and state Medicaid agencies reported experiencing privacy breaches in personal health information. The GAO report noted that these entities have access to medical data covering more than 100 million Americans. Another disturbing finding by the GAO is that some of these contractors and agencies outsource some work to other vendors, raising questions about the security of those medical records.
And even though Kaiser Permanente's software is designed so that only those who are supposed to get access can get it, a laptop stolen from a secure office at its headquarters contained data about a group of patients who needed hearing aids.
Consumers can act to safeguard themselves
So what's a consumer to do?
There are problems with altered records that do not leave an appropriate audit trail.
World Privacy Forum's Dixon says consumers can act to protect themselves from medical identity theft:
Home & Family FinanceŽ Resource Center