From Pittsburgh to Pasadena, privacy expectations are variable for most people.

Paraphrased, that means this: Tell a morning secret to an office gossip and you can reasonably expect to be conversational fodder at the water cooler by noon. Conversely, confide similarly confidential information to a doctor in a clinical setting and the outcome will likely be decidedly different, with the information you divulged being closely guarded and kept under wraps.

Or not.

In a starkly growing trend of hospital negligence, the would-be and seemingly private information that patients share with their doctors is being compromised, finding its way into the hands of third parties and being used to commit criminal acts.

Alternatively, a breach can undermine a patient’s legal right to confidentiality in a patently egregious manner. A worst-case outcome looks something like this: A Michigan woman who saw her doctor for treatment of a commonly transmitted sexual infection had her medical information inadvertently splayed across the Internet by the hospital’s transcription service.

Persons thinking that such a dire scenario is singular and unlikely to reoccur might want to reconsider their assumptions concerning privacy-related hospital malpractice, say government investigators and fraud experts. Reliable statistics posit that close to 400 breaches involving the proprietary medical information of more than 19 million patients have been reported since September 2009.

And the reasons for that often owe purely to the negligence and outright sloppiness of doctors and medical facilities in safeguarding information. A recent report by a security firm indicates, for example, that, while most physicians use smartphones to store medical information, few of them make any attempt to ensure its confidentiality through encryption.

The downside of such carelessness is far from academic. As noted by Leon Rodriguez, head of the U.S. Department of Health and Human Services Office of Civil Rights (OCR), breaches undermine public trust in doctors. That translates, in turn, to fewer people seeking medical attention when they truly need it.

No one wants that to happen, and Rodriguez says that the OCR will take strong steps to ensure that it does not.

His message to doctors underscores his agency’s resolve. Physicians “should expect us to move to a much more enforcement approach,” he says.

Source: USA TODAY, “Data breaches put patients at risk for identity theft,” Robin Erb, Feb. 13, 2012