We've all been to the doctor and forked over our information. You might even see a HIPAA sign on the wall, explaining your right to privacy. The problem is it can't be guaranteed. So what keeps your information from getting into the wrong hands?
Shawn Patterson will admit he's a little paranoid when it comes to his privacy.
"I have an innate fear of going back to the hospital,” said Shawn.
The reason is spelled out in letters his family received from Anmed Health System in Anderson.
One letter states a contract employee accessed his, his wife’s and his son’s personal information without authorization.
“Social security numbers, all our medical reports as far as doctor's reports,” said Shawn.
He says the breach was so far reaching that he and more than a dozen others have filed a lawsuit in the case.
“A lot of it for us is the stress it put us all under,” said Shawn. “My wife is fighting cancer and I have heart disease.”
And the Pattersons aren't alone.
In December 2012, a patient received her mammogram results from Spartanburg Regional along with the results of two other women by mistake.
And in another case, a woman sent us a letter she received from Greenville Health System stating her patient information was given to another patient in error.
Attorney Neil Caesar says it’s an ongoing battle. He heads The Health Law Center in Greenville, a national law firm for health care providers.
Caesar says whether it's malicious or by mistake, patient privacy breaches can happen anywhere.
“You can make it hard, but you can't make it impossible,” said Caesar. “You can put in all sorts of firewalls to protect against outside hacking. And they generally do a very good job. But you can't prevent human error inside.”
That's where HIPAA laws come in, which outline who can access your information and how it can be shared.
“I think health care providers, for the most part are trying to follow the law,” said Caesar.
Cindy Shifflett, the HIPAA privacy officer for Spartanburg Regional, wouldn't comment on the case from December, but says employees are well aware of their responsibilities while handling your privacy.
“The electronic medical record is a great thing,” said Shifflett. “Employees are given access to records based on their job responsibility.”
She says each employee also goes through extensive training before they start and every year after.
The hospital does periodic audits to make sure no one is accessing information they shouldn't be.
And if someone does try to access prohibited information, Shifflett says their system will flag it.
All safeguards intended to protect your privacy.
Shawn says it’s a concept he has a hard time accepting, now that his view of patient privacy has changed.
"I don't think any of it’s safe,” said Shawn.
Shawn tells us even more patients have added their names to the lawsuit against Anmed and others involved.
He says his wife also received another letter from Anmed, stating another contract employee accessed her personal information without authorization. This was after the Pattersons requested an audit.
So how can you help protect your information?
The most important thing you can do when you walk in the doctor's office is read the HIPAA form before signing it.
It should tell you how the provider intends to use your information. If you don't want your information used as described in the form, you can tell them to exempt you.
And if you don't understand something, ask questions. Experts say you are your best advocate.