Quick Tips

If you are considering using a personal health record:

  • Look for one that is subject to HIPAA privacy and security rules.  In most cases, this is a personal health record that is offered by your doctor or health insurer.  If you don't know whether it is subject to HIPAA, ask.  Be wary of companies that state they are HIPAA compliant and are not regulated by HIPAA. 
  • Ask who will have access to your medical information.
  • Ask whether you will have control over how your information is shared.
  • Find out how any authorization process works.  Are you able to revoke an authorization?
  • Can you delete information from the personal health record?
  • What security measures are in place to protect the information?
  • Where is the information stored, and if it is stored remotely (in the cloud) where does it reside?
  • What support does the vendor offer?  Is there a privacy officer?
  • Ask your health care providers how they are implementing health information exchange (HIE), if at all, and what privacy or security practices they are developing or already have in place.
  • Find out whether you have any options when participating in your provider's electronic health record system and in electronic exchange of your information. For example, can you consent to sharing certain information while restricting other information?
  • Carefully read any authorizations you are asked to sign.
  • Find out whether your state allows you to opt out of HIE.
  • Request copies of your medical records before you authorize their release to an employer.  If the records are incorrect, request correction.
  • If you have to submit to a background check, ask for a copy of the report.
  • Be careful about disclosing health or medical information online, particularly on social media.  Even if you have set up privacy controls, they can’t guarantee you total privacy. 
  • If you have a disability, you may be entitled to additional privacy protections.  Learn about your rights under the Americans with Disabilities Act and any applicable state laws.
  • If you have an employer-sponsored health plan, identify your company’s privacy officer.  You can ask this person your privacy questions. 
  • If you are considering participating in an employee wellness program, ask your employer:
      • What information will be collected?
      • Who will be collecting the information and where will it be stored?
      • Who has access to the information and for what purposes?
      • Will you have any control over the use and disclosure of the information collected?
      • Does the program comply with HIPAA or any other privacy laws?
      • What privacy and security protections are in place?

  • Ask for your pharmacy's privacy notice.
  • Ask for your prescription benefit manager's privacy notice.
  • Ask your doctors if they have opted out of sharing their prescription data with pharmaceutical companies via the AMA's Prescription Data Restriction Program.
  • Find out if you have a prescription drug report with Milliman or OptumInsight (Ingenix), ask to access it, and request that any errors be corrected.
  • Request copies of your prescription information from health care providers, health plans, pharmacies, and prescription benefit managers.  If the information is inaccurate, request changes.
  • Keep your own record of your prescriptions as a reference.  This can help you correct any errors you find in a prescription record someone else maintains.
  • If you feel your rights have been violated or your concerns ignored, file a complaint. You can complain directly to your provider or health plan, to the U.S. Department of Health and Human Services Office of Civil Rights, and state licensing boards in certain circumstances.

Before you sign a form authorizing any use or disclosure of your medical information:

  • read the form closely
  • ask questions about anything that makes you feel uncomfortable or that you don't understand
  • always question a form authorizing someone to use or disclose your information for all legally valid purposes
  • always question an authorization that does not specify a time limit for using or sharing your information
  • edit the terms or decline to sign an authorization if you remain uncomfortable

Ask your health care providers and insurance plans for their privacy notices. 

The notice will tell you:

  • how the doctor or health plan may use and disclose your information,
  • your rights,
  • how to file complaints, and
  • who to contact with further privacy questions.

  • Before making a purchase on a website, check to make sure the address starts with “https:” and/or that there is a padlock icon before it. If not, your card information may not be secure.
  • Remember: Anyone can make a website. If you’re unfamiliar with a company, do some research before you shop online with them.
  • Use a browser that allows you to disable or refuse cookies to avoid being tracked when browsing or shopping online.
  • Sign out of social media and email accounts to avoid being tracked when browsing or shopping online.
  • Disclose only required information (usually marked by an asterisk *) when checking out. Voluntary information is typically used for targeted marketing or advertising purposes and you may receive unwanted solicitations from the company in the future.
  • Keep passwords for your online shopping accounts protected. If a password is compromised, someone may be able to make purchases under your name and card.
  • Order your credit report before you apply for a rental. The prospective landlord will almost certainly require your credit report in the application process.
  • Learn about residential and tenant reports. Many landlords use tenant reports to screen rental applicants. These reports often include both credit history and non-credit information such as criminal history; landlord-tenant court cases; identity verification; past rent payments; references from former landlords; history of bad checks; treatment of premises of former rentals; and information from local, state and national databases.
  • Understand basic tenant rights and obligations. A good place to start is the website for the U.S. Department of Housing and Urban Development (HUD). There you will find information about your rights under federal law as well as links to all states for further information.
  • Carefully review any lease or rental agreement before you sign. Be sure that agreements incorporate any verbal conversations you have with the landlord or property management company. In addition to basic terms regarding rent payments, utilities, and time period covered, a rental agreement should cover any understanding about such things as pets, visitors, roommates, or sublets.
  • Do not hesitate to question any wording that limits your existing rights under state or federal law (such as your right to notice when the landlord wants to enter your space). If you have questions about wording in your lease, consult an attorney before signing.
  • If you are in the military, learn about the Servicemembers Civil Relief Act. It gives active duty members the right to terminate a lease when they are ordered to a new permanent location or any change of location that amounts to more than 90 days.
  • Keep a file that contains your signed lease or rental agreement and any other important documents. The file should include notes of any conversations you have with your landlord or apartment manager regarding repairs, disturbances, disputes, or any other event or incident that may affect your rights as a tenant. It should also include any correspondence, emails, repair orders, and even notes left on your door.
  • Know the warning signs of rental scams. Scammers are known to use sites like Craigslist to place phony rental listings or to hijack a valid listing to attempt to steal your money or identity. The surest sign of a rental scam is when you are asked to wire money. If you are asked to pay a security deposit and advance on rent before signing a rental agreement, you should consider it a red flag.
  • Be aware of foreclosure scams targeting unsuspecting renters and distressed homeowners.
  • Carefully review all notices you receive from your landlord or rental agency. For example, a landlord’s notice to evict you may give you only a certain number of days to respond. By not responding within the given time, the landlord may seek a court order to evict.
  • Know where to complain or seek help if problems arise. Understand that no single law covers all situations. Nor does a single federal, state, or local government agency have authority to investigate every type of problem you might encounter.
  • Never ignore a debt collector even if the debt is not yours.
  • Never pay a bill you don't owe just to get the collector to "go away." Any payment of the debt is considered an acknowledgement that you are responsible. Even if you pay, that will not erase a negative entry on your credit report.
  • Learn to recognize abusive collection practices. Even if you owe a debt, a collector owes you fair treatment and respect for your privacy.
  • Be aware of possible fake collectors. Be on the alert when a caller claiming to be a debt collector asks you for your Social Security number, information about your bank and credit card accounts, or threatens you with jail/arrest.
  • Ask questions and learn specifics. When a collector calls or you call back, get as much information as possible. Ask for the name of the caller, the collection agency, the creditor, and the address and fax number for sending correspondence. Also ask about the amount the collector claims you owe.
  • Assert your right to privacy if you want to be contacted only in writing.
  • You can tell the collector, verbally and in writing, that you are the only person to be contacted.
  • When in doubt, ask for all terms and payment plans to be sent to you in writing.
  • Pay the proper party. Payments should be made to the debt collector and not the original creditor unless you are expressly instructed to pay the creditor directly.
  • Complain about abusive collection practices. A debt collector is not allowed to make idle threats (express or implied) or use abusive or profane language.
  • Military members should make an appointment with the local Judge Advocate General's office if contacted by a collector. The Servicemembers Civil Relief Act (SCRA), previously the Soldiers' and Sailors' Civil Relief Act (SSCRA), provides protections for military members whose financial life is affected by military service. 
  • Be wary of advertisements that promise an easy solution to debt. Debt repair "doctors" and credit consolidators may end up causing you more harm than good.
  • If you are seeking help, be very careful. Seek assistance in resolving your debt(s) through a member agency of the National Foundation for Consumer Credit, such as the Consumer Credit Counseling Service.
  • If you are unsure about how a law applies to your situation, consult an attorney.
  • Ask questions about an old debt. A debt that is older than the period in which state law allows a collector to sue you is said to be "time barred." The statute of limitations is usually three to six years, but it can be up to ten.
  • There are 3 nationwide credit bureaus (Equifax, Experian, and TransUnion). You can obtain a free credit report from each credit bureau once every 12 months. Order your free reports online at www.annualcreditreport.com, download the Annual Credit Report Request form to mail in your request, or call (877) 322-8228.
  • To monitor your credit reports year round, you can order your report from a different credit bureau every four months.  There are also a few commercial services that will monitor your credit reports at no charge.
  • You have the right to freeze access to your credit reports. This is an effective way to reduce your risk of identity theft.  A security freeze locks your credit file, preventing others from getting new credit using your name or identity. 
  • Obtain copies of your other consumer reports covering insurance claims, tenant history, check writing history, employment, and medical conditions.
  • Use up-to-date anti-virus and anti-malware programs and firewalls.
  • Make sure that your operating system and software are current and patched.
  • Back up your data. Ransomware is a growing threat that can be avoided if you have backed up your data.
  • Encrypt sensitive information before storing or sending.
  • Be cautious when using wireless connections and Wi-Fi hotspots.  Most public Wi-Fi is insecure.  Use a Virtual Private Network (VPN) to create a secure connection.
  • Do not use the same password for multiple accounts. Instead, use strong passwords that are unique to each account. This is particularly important for your most sensitive online accounts.
  • Utilize two-factor authentication when available.
  • Before you donate, sell or discard your computer or device, be sure to securely wipe all personal data.  Deleting files is not enough!
  • If your phone is stolen or lost, immediately contact your mobile carrier. You may be held accountable for all charges up until the phone is reported lost or stolen.
  • Read the privacy policy of your wireless service to learn about how the company stores and retains data. Also, pay attention to the location data that the company collects.
  • Contact your mobile carrier and request that “call details” be removed from your bills.
  • Place a password on the account. For a strong password, do not use commonly known information and use a combination of numbers and letters.
  • To avoid eavesdropping of private calls, move out of earshot of others or save conversations for when you are at home or your office.
  • Look over your phone bills carefully to see if there are any fraudulent calls.
  • Do not leave your phone unattended.
  • Use your phone’s lock feature when you are not using the phone.
  • If you receive frequent wrong numbers or hang-ups, contact your carrier right away. These may indicate that your phone has been cloned.
  • If you are having a problem with your service provider, file a complaint with the Federal Communications Commission (FCC).
  • Checking your credit report annually can help with early detection of subscription fraud.
  • Before donating, selling, or discarding your old phones, ensure that all data has been permanently erased.
  • Think carefully about using a personal device for work purposes.
  • Read your company’s BYOD policy thoroughly and ask questions.
  • If something is unclear, you may want to speak to an attorney or the HR department.
  • Consider having two separate devices, one for work and one for personal use.
  • Employees who participate in BYOD programs should be conscious of privacy settings, information they store on their device, and apps they use.
  • Back up personal data such as photos, videos, and music, especially if the company has the ability to remotely wipe data from your device.
  • Use a strong password for social networking sites that is different from the passwords you use to access other sites.
  • Don’t choose security questions whose answers others might know or can figure out easily, like your mother’s maiden name.
  • Use an email address that is not associated with your work.
  • If it does not violate the terms of service for the particular social network, consider using an alias or not including your last name.
  • Don’t import or share your contacts.
  • Take the time to read the privacy policy before using the service.

Online Harassment
  • Limit the amount of personal information you include in your online profiles. 
  • Be cautious when accepting friend or follow requests on social media, even if the request appears to be from a friend or family member. It is best to verify with the friend or family member that he or she owns the account before accepting the request. 
  • Keep social media profiles “private” to restrict who has access to your information. 
  • Don’t post photos of your house that can indicate its location and avoid checking-in at your house on social media.
  • Exercise caution when connecting your cell phone to your social media account, and be mindful when posting live updates about your location or activities.

Social Security Numbers
  • If a private business requests your SSN, don’t be afraid to ask why or inquire about another option.
  • Do not make a habit of carrying around cards that include your SSN; you only need it for special circumstances like the first day of a new job.
  • As a rule of thumb, never give out your SSN during a phone call that you did not initiate.
  • Never provide your SSN when shopping online.
  • If you must provide your SSN online, such as when applying for a credit card, bank account, or government benefit, check the address bar for both a padlock symbol and an “https” web address.
  • If your SSN is being displayed or released by your employer in a way that makes you uncomfortable, discuss with them the potential for fraud and how their policies should reflect this.
  • Be sure to check People Search sites for an opt-out by looking for a “contact us” page or “removal policy”.
  • If a “people search” site doesn’t list contact information, try searching for the domain owner at whois.icann.org.
  • Be cautious when asked to provide ID such as a driver’s license in order to opt out of a “people search” site; this information may be added to profiles on other sites.
  • Always keep your social media profiles set to “private” rather than “public” to avoid information being collected on you from these sites.