Are You Exposed? Your personal information is easier to get than you think

COLUMBIA, SC (WIS) - Whether you believe it or not, your personal information is at risk. Crisis experts say in 2013, it's not if your information will be compromised, but when.

In the four year prior to the Department of Revenue breach, the Department of consumer Affairs received notice over a million South Carolina consumers had their personal information compromised.

Now the question becomes is your personal information truly safe when you hand it over?

"You've got to be vigilant for yourself because that's what's going to protect you in the long run," said Shannon Geary, volunteer coordinator for the South Carolina ID Theft Network.

And it all starts with your Social Security number.

Any business can request your SSN, but that doesn't mean you have to hand it over. You can and should ask questions.

"If you've been to that doctor before, you can ask them whether or not you do need to submit that information," said Carri Grube Lybarker with the state Consumer Affairs Department. "Often times if you haven't been there 6 months to a year, they'll need you to complete a form to make sure that information hasn't changed. You can leave those areas blanks and ask them the necessity for it."

Ask if they'll take an alternative, such as your driver's license number.

"Our Social Security number is the number one identifier, and so when you're trying to go get products or services, from a business from a government agency they're likely to ask you for that," said Lybarker.

Now we'll introduce you to Greg Green. Like plenty of you out there, Green thought his doctor's office did an adequate job of protecting his unique, identifying numbers.

"They want to know everything about you," said Green. "You got to provide it so you can get the service that you need so, you just do it."

On the way out of his girlfriend's doctor's appointment at Brookland-Cayce Medical Practice, Green claims his girlfriend was handed her receipt, but that's not all she was given. Additionally she was given information for 14 different patients -- Social Security numbers, emergency contact numbers, and insurance information.

"You have some expectation of privacy when you go to the doctor's office, and obviously this expectation is not here," said Green.

Green didn't take the documents back to the practice, or alert the administration. Instead, he brought them to us.

"They need to be accountable, and if I give it back, it's not really going to bring the awareness that they need to realize how serious this is," said Green.

We called Eau Claire Cooperative Health Center, Brookland-Cayce Medical Practice's parent company, and explained their records had been compromised. They don't believe staff would have simply handed over that many private records.

"No there's no reasonable manner in which multiple records can be handed to the wrong person," said Dr. Stuart Hamilton with the Eau Claire Cooperative Health Center.

"We haven't seen those, and you haven't produced those, so we have to go on basic hearsay evidence that these records exist. If they are records from other people, then they're maybe stolen records.

Clinic staff claims these records are typically locked up and wouldn't have been on the counter for taking. However, they ended up in a patient's hands.

This isn't an isolated instance. WIS learned the same thing happened recently at medical offices in Orangeburg. According to McAfee, hospitals, doctor's offices, and medical businesses rank 3rd, 7th, and 10th on a top ten list of most dangerous places to give out your Social Security number.

In the Midlands, Palmetto Health is a large area provider, consisting of both hospitals and doctors offices, so we turned to them. Why do doctors offices need so much personal information?
"Basically, it's to make sure we provide adequate care and don't confuse you with anybody else so that your medical records stay whole," said Palmetto Health information security officer Michael Ruano.

But why your Social Security number? It was never meant to be a personal identifier.

"HIPPA required another identifier be created, but that's sort of fallen to the wayside, so a Social Security number is one of the few ways we have to uniquely identify individuals," said Ruano.

From a technical perspective, Palmetto Health has firewalls and virus scanners, email and web filters. They encrypt information and have a separate department to deal with the paper and say often larger companies can be better equipped.

"We have the resources that a small practice may not have, so those practices that are aligned or part of Palmetto Health also get the benefit of myself and other training staff to do a more robust job of protecting that information," said Ruano.

As for the compromised patient information, Greg Green promised to destroy those files.  He told us they went into his fireplace on a cold night. The facility claims they should have been returned.

"If they don't belong to him, he should return them," said Hamilton.

Still, Green wonders if his information has ever been compromised by someone he trusted.

"I'm not even a patient, and I have 14 different patients' information, now who has her information? Where's that going and then our son, who has his information, he's not even 2 years old, you can do a lot with that."

So what can you do to protect your private information? There are many state and federal laws in place to help you -- laws that protect your paper and digital information.

"It has to be disposed of to where that information is either encrypted or to where its unreadable or undecipherable," said Lybarker.

Also, consider paying cash for more items and using a credit card versus your debit card.

"If someone does get a hold of your pin number and account number, that comes out immediately versus if your using it as a credit card, it's going to take a couple of days for that transaction to actually hit the bank," said Geary.

Not only that, but you should consider carrying only what you need.

"You can make a copy of your Medicare card, keep the copy in your wallet, and scratch out everything but the last four digits of your card number," said Geary.

It's important to also sign up for credit monitoring. After Zaxby's was hacked, experts recommend using one credit card -- not a debit card -- for purchases.

"Your bank statements, when you get those bank statements, open them up at the end of the month and make sure those charges are your charges," said Geary.

How easy is it to find your information? Consider websites like Spokeo. That site contains prior addresses, links to other family members or your kids and unless you request for the information to be removed, it's out there for anyone to use.

Copyright 2013 WIS. All rights reserved.