I'm glad your organization hasn't had a PHI breach. I'll see your anecdata and raise you mine:
The two biggest hospital providers in my geography have both had breaches in the last 5 years, both involving exfiltration of PHI (and one involving ransomware). (My family's data was in both, too!)
I have a background in IT security and systems administration (including working as a contractor for healthcare providers). Since medical records have become "electronic" I've assumed medical data is de facto public.
If there was a diagnosis or treatment I felt others knowing about would compromise me I would avoid bringing it up to a medical professional or seeking treatment. I'm certain there are people who avoid mental health services, for example, for exactly that reason.
> Since medical records have become "electronic" I've assumed medical data is de facto public.
> If there was a diagnosis or treatment I felt others knowing about would compromise me I would avoid bringing it up to a medical professional or seeking treatment. I'm certain there are people who avoid mental health services, for example, for exactly that reason.
I'm very sorry you feel this way and I hope you can find a way to have more trust in your doctors. I assure you data privacy is incredibly important and not something we screw around with. Breaches happen, but it's not the rule.
The two biggest hospital providers in my geography have both had breaches in the last 5 years, both involving exfiltration of PHI (and one involving ransomware). (My family's data was in both, too!)
https://www.hipaajournal.com/premier-health-partners-2023-da...
https://www.hipaajournal.com/kettering-health-ransomware-att...
I have a background in IT security and systems administration (including working as a contractor for healthcare providers). Since medical records have become "electronic" I've assumed medical data is de facto public.
If there was a diagnosis or treatment I felt others knowing about would compromise me I would avoid bringing it up to a medical professional or seeking treatment. I'm certain there are people who avoid mental health services, for example, for exactly that reason.