Get a Clue About What Databases Have on You

by Paul Johnson

When it comes to car crashes and claims on your homeowners policy, it's good to be clueless. And if you think an A-Plus is always a good thing to get, think again.

That's because anyone who has had a car accident or made a claim on a homeowners insurance policy in the past five years likely has a CLUE, a record on the Comprehensive Loss Underwriting Exchange, or an A-PLUS, a record on the Automated Property Loss Underwriting System. Most people, however, don't have a clue about CLUE and A-PLUS, or how insurers use the information on those and other data repositories, such as MIB (Medical Information Bureau), to determine how much you pay for insurance or even whether you can make the grade to get insurance.

Meanwhile, health-care providers, dangling the carrots of better care, simplification, and cost-savings as potential benefits, are putting health records online, adding to concerns about identity theft and misuse of information.

Face it. Your personal information is out there. "There's a certain amount of your personal information that you can't protect," says Pam Dixon, executive director of the World Privacy Forum, San Diego, a research group that focuses on privacy issues.

It's downright daunting to know that your digital dossier resides in databases that you've never even heard of, and that people that you've never met have access to it. But these data repositories aren't new. MIB has been around for more than 90 years, for instance.

What's new is that the Internet--the same tool that puts a world of data at your fingertips--also makes it easier for thieves to get access to sensitive personal data. That's the price for making the information easy to access for those who can use it to make your life better by holding down your insurance costs or giving you better medical care.

National Health Information Network coming together

What's also new is the push to make medical records more easily available to a wider array of health-care professionals.

• Kaiser Permanente, Oakland, Calif., one of the country's largest health-care organizations, plans to have the records of all 8.5 million of its members available electronically to its doctors and qualified health-care professionals by 2008, says spokeswoman Susannah Patton, adding that 70% now have some form of electronic record.

• UnitedHealth, Minneapolis, another large medical group, has 20 million patients who carry magnetic strip ID cards they can use to verify eligibility and co-pay amounts. The company is enhancing its technology to include essential health records on the cards. One swipe and there it is.

• The federal government is behind an effort to build the National Health Information Network, a system that is supposed to make all medical records digitally available to every link in the health-care chain--including insurers, pharmacies, and labs--not just the doctors and nurses at your clinic.

Personal health records maintained on Web sites need to have a built-in authentication process that ensures privacy and security of both access to the information and use of the information by medical professionals.

Dixon is concerned that technology is outrunning the safeguards. "Problems are cropping up that have not been fixed and are not being fixed at a fast enough rate to protect consumers," she says. "There are problems with altered records that do not leave an appropriate audit trail. Some do it right, others don't."

Keep in mind that these databases do benefit you. Having your medical information readily available to medical professionals in an emergency could save your life. Electronically transmitting a prescription from a doctor to a pharmacist reduces errors and speeds up the process. And CLUE, A-PLUS, and MIB help hold down the cost of your auto, home, life, health, and other insurance premiums by weeding out potential fraud.

Having electronic records also will modernize and standardize, in some cases, very outdated computer systems and demand consistency. Paper or electronic, check your medical records with your employer, medical practitioners, and pharmacists just as you would check your credit report--on a regular basis--so no erroneous information exists in either format.

Mistakes and thefts happen

But what if bad information--a data entry error or a code typo--worms its way into your file? What if your medical information is stolen or falls into the wrong hands? Medical ID theft happens. Despite the best efforts of the information keepers, hackers, laptop thieves, and unscrupulous insiders sometimes get their filthy hands on your data. Someone could get surgery or some other medical service using your name, leaving you to pay the bill, or erroneous information may be added to your electronic record, which could lead to you getting the wrong treatment based on that erroneous information.

You've probably heard of ChoicePoint, the large database company that in 2005 acknowledged that criminals stole personal data of about 162,000 consumers by setting up fake companies and then obtaining data from ChoicePoint.

The CLUE database is one of many operated by ChoicePoint, whose databases include information about almost every American. If you were born, married, divorced, or sued, ChoicePoint probably has your data, and when you die ChoicePoint will have that, too. You can buy ChoicePoint reports on doctors and businesses. And employers can buy background checks on job candidates. Even though the compromised data is just a tiny number of the many millions of people whose records are on ChoicePoint computers, the data theft is unsettling.

ChoicePoint is not alone among database businesses that buy and sell your private information. And it is not alone among data keepers that have experienced breaches in privacy. A Sept. 5, 2006, report on InformationWeek.com says the Government Accounting Office (GAO) found that more than 40% of federal health insurance contractors and state Medicaid agencies reported experiencing privacy breaches in personal health information. The GAO report noted that these entities have access to medical data covering more than 100 million Americans. Another disturbing finding by the GAO is that some of these contractors and agencies outsource some work to other vendors, raising questions about the security of those medical records.

And even though Kaiser Permanente's software is designed so that only those who are supposed to get access can get it, a laptop stolen from a secure office at its headquarters contained data about a group of patients who needed hearing aids.

Consumers can act to safeguard themselves

So what's a consumer to do?

World Privacy Forum's Dixon says consumers can act to protect themselves from medical identity theft:

• Keep your own copies of your medical files. "When you go to your dentist, or eye doctor, or for your annual physical, ask, 'Can I please have a copy for myself?' They may ask for a written request, or charge you for the copies, but it's important to keep your own paper trail."

• If you are privately insured, go to your insurance company once a year and ask for all the benefits paid in your name. "Do so whether you've seen a doctor or not."

• "If you have federal or state medical coverage, you need to open those statements and look at them closely." Make sure the services listed on the "THIS IS NOT A BILL" statements really were delivered. Identity thieves and criminals can siphon dollars out of the system when consumers aren't paying attention.

• "Keep a close rein on your credit report." Among other things, check for medical debts. You can get your credit report free once a year from each of the three major credit bureaus--Equifax, Experian, and TransUnion--at AnnualCreditReport.com.

Published November 27, 2006

Printed Sunday, July 6, 2008

  Home & Family Finance® Resource Center
  Copyright © 2008 - Credit Union National Association, Inc.