Who Owns Your Medical Records?

[Please note: References are linked to this page and can be viewed by clicking on the * throughout this document]

There is little consensus nationwide concerning the ownership of your medical information.  We see this lack of consensus when we look at how state legislators have dealt with this issue.  As of 2016, 22 states have laws that give ownership to hospitals and physicians; 28 states (including the District of Columbia) have no laws governing ownership; and one state, New Hampshire, gives medical information ownership to the individual.*   

Logic suggests individuals should own their medical information, after all it is their medical history and they paid for all the examinations and treatments described in these records. For those 22 states that have assigned ownership to hospitals and physicians, this logic was evidently not a consideration.

The consequences of not owning and controlling our medical information are severe.   
Information contained in our medical records is some of the most sensitive identity information we have.  To date hackers have stolen more than 50 percent of all electronic medical records in the U.S. and lawmakers and law enforcement are helpless to stop these thefts.*  Worse yet is many medical facilities have failed to notify those whose records have been compromised.

Stolen medical records are not like stolen credit cards or bank account information.  Banks can issue new credit cards and change access to bank accounts but medical information is permanent.  Stolen medical information is being sold for millions of dollars and eventually ends up in the hands of data brokers who know these records will bring high prices especially from employers.  Employers will use this information when making employment decisions because they do not want to hire an employee who poses a medical liability.  Individual's who have had significant medical issues in the past or who may suffer from a chronic ailment will be discriminated against regardless of whether or not the chronic disease is well controlled. 

The federal government has not stipulated who should or shouldn't own medical information.  It is speculated they consider medical record ownership a state concern and may also believe it may become a moot point knowing the provisions of the Health Insurance Portability and Accountability Act (HIPAA).*  This federal law requires medical facilities to provide copies  of medical records when individuals request them.  HIPAA can sidestep the issue of medical record ownership evidently assuming individuals will be satisfied knowing they are entitled to copies of their medical records.  

Even though HIPAA guarantees we can always get a copy of our medical records we exercise no control over how this information is being protected.  It is logical that we should own the information and we can only hope laws will be enacted to guarantee ownership.  In the meantime the answer to the question ‘who owns my medical record’ is you don’t own that information unless of course you reside in the State of New Hampshire.

Is Lifelock a Scam?

[Please note: References are linked to this page and can be viewed by clicking on the * throughout this document]

Lifelock's problem all along has been false advertising.  They tell us they can protect us from  identity thieves while the truth is there is no protection from an identity thief if the thief has enough information to impersonate you and steal from you.  

Because of this false advertising multiple fraud charges and fines have been levied against Lifelock.  In 2010 the Federal Trade Commission, along with 35 state attorneys general, fined Lifelock $12 million. *   This fine was to settle charges that the company used false claims to promote its identity theft protection services and repeatedly failed to secure the identity information they collected from millions of subscribers.  Later, because Lifelock's failed to stop the false advertising, they were found to be in contempt of the original order and fined an additional $100 million. *  

The Lifelock story is one of ineptness.  Lifelock came to our attention more than ten years ago when LifeLock's former CEO Todd Davis began an advertising campaign that included sharing his social security number on billboards, in television commercials, and even on the side of truck. The marketing ploy ultimately backfired when several reports showed his social security number being compromised and used for taking out loans and opening new accounts. Rather than building confidence among LifeLock’s clients, it just cast more doubt about the credibility of his marketing campaign and his ill-advised marketing strategy. And coming from a personal identity theft company’s CEO, this spoke huge volumes not just about him but his company in particular.*  According to other reports Mr. Davis has been a victim of identity theft more than a dozen times * and during his tenure as CEO has had to pay out millions to settle lawsuits for misleading customers, and deceptive practices.* 

In November 2016 Symantec corporation bought Lifelock and many had thought the false advertising would stop.  It appears the false advertising continues and it is likely Lifelock and its new owners will be fined in the future.  Evidently a 100 million dollar fine every few years is not much of a deterrent to a corporation that is collecting billions of dollars yearly from unsuspecting subscribers.

Is Lifelock a scam?  You have to make up your own mind.