gerri: hello, everybody. welcome to the "willis report." tonight we're devoting the whole hour to your private medical data exposed. everything about you, to your medical history, treatment, even your shopping habits, out there for the highest bidder. we start with a new lawsuit alleging the irs improperly seized 60 million medical records from 10 million americans. records included sensitive information on victim's psychological states, gynecological counseling and even sexual and drug-related treatments. but the alleged corruption and abuse of power by top government officials runs much deeper. joining me now a bang-up panel. dr. debra peale and mark roden. electronic privacy information

center. debra, to you first. what are people trying to buy and why do they want this information? >> people are trying to buy health information for lots of purposes. we know about and many that we don't. some people want to use the information to sell us products. that's one thing. but the far more dangerous problem is thero use of this information byfo employers, ban, insurers and others, who can make decisions abouttus that will be harmful to our jobs or our futures. melissa: mark, so many people when i bring up this topic to them tell me, you know, look, you got to throw up your hand. your information, all of your information is outow there. what do you say? >> well i don't think that's right, gerri. medical information, i think most people agree is among the moste sensitive information we have. we tell things in confidence to our doctors and to our health care providers and we expect the information to be kept that way. i think dr. peel is absolutely

correct, that the information taken out of context, can hurt you in a job setting. it can hurt you when you're trying to get a loan. it can hurt you in lots of situations and i don't think people should have to worry about that i think medical privacy needs to be protected. gregg: you know, one of the. that perspective employer find out you failed a precancer screening test. that can totally ruin your chances for getting a job. dr. peel, tellr. us a little bit about how h valuable this information is >> we nomos thing valuable in the digital age is your mind or your body. social security numbers can be bought between 50 cents and $5 a

piece. anything about your health information goes for sale on a scale of about $14 to $55. this is the most important information about you. gerri: unbelievable. >> yes. gerri: mark, we were looking who buys this stuff. doctors and hospital creating information. insurance companies. retail pharmacies and managers. so retailers, marketing companies. your employer. as you look at this, you have to sit back and think, wasn't hipaa supposed to protect us from all of this? what happened, mark? >> well, that's an excellent point, gerri. congress tried in somewhat backward way to create regulations for health record information. they couldn't actually pass a law. whaty they did was ask health d human services, the federal agency to issue regulations and those regulations came out. they're not as strong as they need to be. they tried to strengthen them a bit this year. that will help but there's been a real push back, particularly from the pharmaceutical industry. they want access to that prescription information.

they want to make it available to lots and lots of different companies. and i think it's left americans far more exposed than they would even think because of the detail of that information. it isio really shocking. gerri:>> well, and, you know the more i look at this, the more disturbing it really is. because it can infect so many parts of your life. you mentioned earlier getting a bank loan. maybe ultimately you can be impacted. debra, something innocuous as a pharmacy loyalty card can be a problem. i want to share information you shared with us. here is what target's website says about their pharmacy rewards program. and i'm quoting. if information used or disclosed is redisclosed, redisclosed by target or its affiliates is may not longer be subject to hipaa protections. what do you make of that? i mean what does that really mean? sound like i don't have protection now. sound like target is saying, ultimately we don't have live by the law? >> well, they don't but the interesting thing, gerri, is,

hipaa actually allows most of the, most of the companies and agencies that hold our health information right now to use and disclose and sell it without our consent. this is actually a warning that they're going to do that. redisclose means, they're going to send it to people that we would not expect to have it and would not want to have it. gregg: well, mark,. gerri: mark, are people trying to use this information, because it is even valuable than social security numbers. >> it is very valuable information, an even companies that use the information for what we might have to be acceptable purposes, still run a very, serious risk of security breaches. there are more and more stories about prescription record information.

diagnostic, information, other medical information, that gets hacked, that gets disclosed. you know,t people walk out with. and i think, this is a reminder, even to the good companies, that we're going to need stronger protections in place because for identity thieves to have access to this amount of data is just too attractive. gerri: well not like with regular old identity theft they had access to your bank account maybe. they have access to the insurer's bank account. that is one big plus for them. thanks for coming on tonight. great job. fascinating conversation. we'll continue to follow this. thanks so much. meanwhile, obamacare, putting your medical identity at risk. the law creates a federal database for patient information that is only escalating the number of ways your medical identity can be stolen. pam dixon, executive director of the world privacy forum joins me now. welcome to the show. pam, great to have you here. tell us about the dangers, first of all, of these electronic

records. what can go wrong? >> all sorts of things. the main thing is that when you have a digital medical file, it's, something that can be stolen on steroid. instead of walking out of a hospital with, few files. you can walk out with a usb with thousands or 10 of thousands of files on it. that is some of the dangers of moving to digital files. but, it's a really important move to make. gerri: well, let's talk a little bit what the thieves are looking for. this could be somebody inside of a hospital or a doctor's office. could be a mafioso who found it could be lucrative to deal with this. people that used to deal in cocaine, dealing in medical identities. how do they do it and what are they looking for? >> the main purpose is find names of people and preferably their medicare number or their prescriptions, that kind of information. and what the thieves want to do, they want to impersonate the people and create fake bills for

them. then they can just collect that money as if they were really the doctor that were caring for you and in this way they can make millions of dollars. it's a great scam. it is very lucrative as you said. the average scam is around $2 million all the way up to $100 million. gerri: wow! i was trying to tell people, if you steal somebody's identity in the usual way you have access to their bank account or maybe their credit cards but if you do this you have access to the insurer's bank account and credit card. maybe a hospital's bank and credit card numbers. you guys put together a great map where you show where people get their medical identity ripped off. i want to show this to people now. it really looks like, it really looks like most of the folks are in florida. these are the elderly. who gets hit most often? >> it's so awful to look at. when we did this map we were actually surprised by the results. but when you really look at the research here, it's basically medicare, medicaid, hot spots in

the country. so it is northern and southern california, the eastern seaboard, of course, florida, of course texas and a little bit in chicago. those are your hot spots and arizona. a lot of elderly, retired folks are really getting hit. disabled people. anyone with a cronic medical condition. gerri: wow, we were telling people yesterday that the street value of your medical i.d. is something like 50 bucks. your social security number only goes for a dollar. so you can see how valuable this thing is. tell me, how do people find out this even happened to them? >> usually it take about two years for folks to find out. a lot of times, we've actually gotten calls from people who found out just before surgery. and a doctor comes and says, you know there are two different blood types listed in your health care file. what is going on. that is one way you find out, your health care file has a lot of weird inaccuracies. another way, all of sudden you get bills for services that you never received. a surgery you never got.

or prescriptions you never filled and don't need. these are some of the main ways people find out. gerri: pam, i know you've written, i have to repeat this, because i thought this was so compelling in this story, the real danger is, somebody steals your medical identity and you show up innage emergency room and they're giving you the wrong blood type because that is what is in your file. because somebody ripped you off. the dangers are huge. >> right. that is the core harm of medical identity theft. it's not just that they're using insurance money improperly. the real problem, is that when they do that, they introduce errors into your medical record and it is very, very challenging to then go and fix those records. gerri: we give a few of those tips on gerriwillis.com how to fix the medical record. you're for a lot of work if you have to do. pam, thanks for coming on tonight. appreciate it. >> thank you. gerri: a lot more still to come 24 hour as we continue our look at your medical privacy.

next the data brokerage industry is gathering your information and selling it to the highest bidder. we'll tell you what you can do to protect yourself. (announcer) at scottrade, our clients trade and invest

exactly how they want. with scottrade's online banking, get one view of my bank and brokerage accounts with one login... to easily move my money when i need to. plus, when i call my local scottrade office,

i can talk to someone who knows how i trade. because i don't trade like everi'm with scottrade. me. (announcer) scottrade. awarded five-stars from smartmoney magazine. gerri: the retailer target has you in its sights. it is tracking your most sensitive privatehe information. in fact, target is so good at spying on you, it figured out a teenage girl was pregnant before her own father found out. we continue our indepth investigation into the invasions of your private medical data with the author of this book, you got to read this one, "the power of habit." why we do what we do in life and business. charles, welcome to the show. >> thanks for having me. gerri: i want to talk about this teenage girl first. how did this happen? >> it is kind of an amazing story. target spent loftha time tryingo figure out everything they can about anyone that walks into

their stores. if you use a target coupon or credit card, if you do anything, open a target e-mail, bring it into the store they will track who you are and what you bought in the past and future. one of the reasons they want to though things like who's pregnant n one case a father came into a talk to a store manager. i don't understand what you is goinaig on. you're sending my daughter coupons for cribs and diapers and baby stuff. she is only 18 years old. are you trying to encourage her to get pregnant. the manager was so poll gettic. i don't know what is happening. he was so embarrassed, a couple days later he called the father. i want to apologize. the dad said, well i had a conversation with my daughter, turns out there are activities we're not aware of in my household and she is due in rawing. gerri:eh unbelievable. you say the reason target tracks that one thing so very closely is because that's time where a woman will change her shopping habits and target can lock on to her and she could be a target customer forever?

>> that's exactly right. we know your entire shopping behaviors change during major life moments. when you get married or divorce. when you buy a new house or move into a new apartment. all your shopping habits are up for grabs. whens. people get married they y more expensive brand of beer. gerri: really? >> not aware of it. this just happens. so the biggest life change when you have a baby. now the problem is, when you have a baby it's a public record. everyone starts sending you coupons. what target and many retailers can figure out, who is pregnant. gerri: who is pregnant. >> before they give birth and start sending them coupons. gerri: talk about some of the things target tracks. iks was surprised to learn somef the details. your politics. your reading habits. what kind of car you drive. not just your address and your phone number and how many kids you have. we're talking real details here. >> absolutely. every major retailer does this if they can. they try to figure out -- gerri: unbelievable. >> what party affiliation you

have because that is public record. if you voted and your party. >> yeah. >> they will buy information from these large data warehouses that will tell them things like, do you have any medical conditions that they might be able to pick up on based on magazines you're asking for. based on information you hand over to marketers. every single time you do something that creates a bit of data, whether use your credit card or sign up for magazine subscription there is someone collecting that. and using that information to package a portrait of who you are and sell it to companies like o target. gerri: sell it to companies to market to you directly. i quoted in the first part of our show tonight, verizon is out there collecting information on people now. and one of their executives says, big data is oil. it's the neway oil. it is going to be this lucrative. let me tell what you target had to say a target spokesperson in response to this conversation about how much information they're using. we use research tools that help us understand guests shopping trend and preferences so we can give our guests offers and promotions that are relevant to them. guests are always welcome to opt

out of our marketing programs. how easy is that? >> you know it is an interesting question. you can always tell the company, i don't want to get these coupons or e-mails, right? that is easy to do but most people don't realize how much they're being tracked. the truth of the matter is, target has a point, look we're sending people coupons we can use. if you're pregnant getting a kruper upon for a crib that is really useful. -- coupon. my wife was pregnant when i was reporting for "new york times." i got these coupons that were amazing. i want ad crib. there is tradeoff between privacy and convenience. when you use credit card you create data that allows a store or company to track what you're buying. it's a lot moore convenient to use credit card or instead of cash. gerri: real way to keep people from building information on you to pay in cash only. let me quote you this number. $23 billion, that is the money target made after coming up with the pregnancy model.

they're making big bucks off individual american information. >> absolutely. the big data is new oil. everything we know about information, the more i can learn about you specifically the more i can convince you to buy my product that means i can make billions. gerri: you can make billions. again we are financing that. i mean how many ways can you make mooney off of me as a consumer? apparently there are endless ways. charles, thanks for coming on the show. absolute pleasure meeting you. >> thanks for having me. i appreciate it. gerri: coming up, much more on your medical privacy. pharmacies are not just looking at what drugs you're on. some look at what else you buy in the store and selling that information. details next.

gerri: you might want to think twice before buying a candy bar in the checkout line. your insurer may be watching you. details coming up.

gerri: did you know your shopping habits are being watched? employers, even insurance companies, are peeking at your shopping carts to monitor your health and to make sure you're not eating too many candy bars. joining me john ulzheimer, consumer education president for smartcredit.com. great to have you on set here. >> thank you so much. gerri: what are these insurers looking for? how are they tracking us? >> it's a little creepy. they're tracking us in a variety of ways.ac a lot of information we're giving them voluntarily signing up for things like corporate wellness programs where they track things how many steps you will take in a day and how often you're going to a gym. they will put monitors on a wrist and track information and send it back. they do it for two reasons. risk mitigation an marketing,

two very, very powerful tools for them. gerri: lucrative if they manage it right way. >> extraordinarily lucrative. gerri: john, blue cross-blue shield of north carolina. they spent a ton of dough, buying lots of data, three million people in their employer group plans. here they have just an incredible amount of data. small pieces of information about your buying habits, what you're doing, where you're going, et cetera, et cetera. this helps them manage costs on behalf of the company. >> of course it does. look how does an insurance company make money? they make money by what? not paying claims and not insuring people who are unhealthy. so anything that they can do to get their hands on information that indicates that you are a health risk, for example, very valuable to them. they can price the insurance more appropriately or avoided you all together. gerri: johnson & johnson paying workers 500 bucks to submit biometrics. here you give them every single detail, your employer. >> absolutely. gerri: i'm thinking, look, if

i'm looking for a job. let's say what if i fail a precancer screening? >> think of it from the employer's perspective which is rough thing to do as a nonemployer. their attitude is look, if you are sick, if you are unhealthy, your work production will be down, quality of work will likely going to be down. you will be sick all the time. are you really the right fit for this position? it is a sick question to ask. gerri: so many people looking for jobs right now, they're not 20, they're not 25, they're 455 and off. >> exactly. gerri: they're desperate to get a m job. they may have a condition they're trying to monitor. here is what cvs pharmacy did. they said, submit your health information or we'll have you pay a $600 fine every year. >> that is really nice of them. you would be surprised that money is being subsidized to some extent by the drugmakers. they want to know who they can market theirke products to and o distributes their products, cvs and other pharmacies. gerri: wow. >> yeah. gerri: just whales within wheels here.

you're scaring me. here is what i'm wondering, what if i go to a big-name retailer and use my credit card to buy plus size clothing. no, i'm serious. this is serious issue. >> yes. gerri: does that mean i my employer at some point might know that? >> your employer would nope you're a plus size, they see you every day. that number one. gerri: but now part of my documentation. aggregated with other information and that's a problem. it is no secret if you use your card to buy anything anywhere, the credit card companies know immediately. they have to approve the transaction. they know what merchant you're currently at because they have to approve the swipe. absolutely they know in a traction of a second if you're at a bar. if you're at a plus size store. or let's be fair, conversely if you're auto paying your gym membership on your credit card. so they have all this information and they have it all goes into their models to determine what kind of health risk you are or not. gerri: big change i think that information used to be available to credit card issuers.

used to be available to retailers. >> right. gerri: now insurers are being this detailed spending data. because of that, ultimately, your employer can know every detail of your health issues maybe even before you do. >> no more secrets. that's the environment we live in now. there are truly no more secrets. it's big s money. massive, massive money. again, we're looking at either what can i market to you or what can i take away because you're simply too risky. it will not change. it will get worse. wege, we, partially our fault. we put way too much information about ourselves out on, how many people post on facebook. i broke my foot yesterday or slipped in my driveway. man, look at this. i think i'm sick. we're voluntarily giving a lot of information out so it is not terribly difficult to find it. gerri: wow, don't use a credit card to buy things. that is how they track you. >> that's right. gerri: that is one thing not to do. this will keep you from being tracked. don't do it on a cell phone.

we had a segment how cell phones get you into trouble. >> how you can minimize it a bit?bo think about information giving on warranty cards. gerri: how so? >> buy large electronics or refrigerator and get a warranty card. fill out a boatload of information has absolutely nothing to with the fact they're using their microwave. where do you think ther information goes? why are they asking you all the information? be cynical and skeptical because all the information is sold to someone else and aggregated and resold to someone else so people can market things to you. gerri: i am cynical now. john, thanks for coming on the show. great to see you. >> thank you very much. gregg: coming up, our look at -- gerri: our look at medical privacy as we look at the risk of your medical information on the cloud. how to keep your data safe next. one of our experts shows how easy it is for hackers to get their hand on your information.

>> from the fox business studios in new york, here again is gerri willis. gerri: it is all sunshine and roses at the hhs department where secretary kathleen sibelius raises obamacare is pushed to digitize records. in percent of hospitals are putting your records in digital format. she says that this can help save money at the same time. we continue our investigation tonight with the founder and chief technology officer for medical information security. >> what is the dark side of putting all this data and personal data on the cloud?

>> it is true in a lot of ways. there is a lot of risk to putting this sensitive data online. 21 million people have had their electronic medical records online. gerri: that is unbelievable. let's show the wall of shame. companies that you know, aetna, blue cross blue shield, saint jude. i'm looking for a job, maybe i

failed the pre-cancer screening. what's next? than there are people who scan the data. this? >> there a lot of different reasons why someone would want to feel this data. one is health insurance fraud. people can sell your data and others can use it to get free health care. maybe they get free prescription drugs and you are okay together. then there is the financial identity theft. social security numbers, that kind of information is very valuable to people who want to commit financial fraud. it can mess up your health care records with people using your identity to get services and it can mess up your credit. gerri: let's say you go to the emergency room and someone has

massed with your records and you get the wrong blood transfusion with the wrong blood type. this could kill you ultimately. people are not really thinking through the ultimate cost of these problems, i do not think. >> it is very true. if you are in an emergency situation, your records will be wrong. they might think he will assess when you have them. that is obviously a big problem. one of the things that is specific to this is children's identity information. because, you know, normally children are not doing financial transactions. they can't have their identity stolen. but with health care, we have data about children. gerri: i did not even know that. another area causing concern is medical devices.

regulators, fetal monitors come all the things that are connected to the web. they are also vulnerable and can be refused in some ways. >> these devices are stand-alone. these devices connect them and a lot of them were designed and all of a sudden we are connecting them up with hackers. another issue of medical devices is it is hard to fix them and update them because there is such a long certification process. once the vulnerability is found

in a come it takes a long time to fix it. it is not like a regular i.t. system which you can patch in a few hours. it is very difficult to get these things fixed. gerri: it seems to me there is not enough expertise out there to make these things safe. what you do you tell people? members of your family say what can i do to keep my private information private. what do you say? >> one of the things you can do is ask your insurance company, your health insurance company for a copy of your medical records. look to make sure all the accounts that are open on your credit report, but they are all things that you know about. gerri: thank you for coming on. great conversation. come back sometime soon.

gerri: coming up next, how the government is making things worse and how easy your medical records are to be hacked. don't go away

♪ >> from our fox biness studios in newor h >> from her fox business studios in new york, here again is gerri willis. gerri: it is worth more to criminals and your social security number or your credit card. in many cases, it is less secure. i'm talking about your medical records. we wanted to find out just how easy it was for the bad guys to steal your medical data. we decided to try it ourselves. the results were shocking. i sat down with nothing more than a laptop and internet connection with our guests and we were able to access a vast

trove of information. >> people are stealing medical records. what is it that they are getting? >> credit card information has been stored for a mile. as well as financial information. but health records are turning out to be extremely valuable on the black market because of the great information that is in there. social security numbers, date of birth, financial information. it is a gold mine. gerri: numbers that are out there, 92% of health care systems have talked about their systems have been compromised in some ways. gerri: where is this information stored? >> it is stored on a server.

>> it could be a gator center of a major hospital. that is what the key is. most of these systems are connected to the internet because the information has to go from one information to another. gerri: is a patient i want to think that my information is not being storm left right and center. >> well, there is a law called headbutt, but it's to protect your medical privacy. anyone who gathers your medical information has to protect your privacy. but the problem is we see breaches all over the internet. people are using the software,.

gerri: i want to see a doctor's front door, if you will. >> sure. it is very easy to find the front door. what they can do is use a search engine like google. you will get thousands of sites that are connected to the internet you can be pretty sure that health care information behind that login screen exists beyond what are you searching for? >> well, this is part of the different websites that are coming up. if i click on one here, you can see the login page. >> so if i work in some kind of health care facility, this is what i would log into everyday?

>> exactly. if you were a doctor or a nurse, you have a website where you would log in and your username and password. the thing is the portability and software can often be bypassed. >> you are finding the people are not secure, show me how you break through this? >> you fingerprint were kind of software it is and you look up the vulnerability database. and you do a search for that piece of software. then you will see a list of vulnerabilities that is coming up here. these are all different types of vulnerabilities in which you can use tools. >> can anyone get into this database? >> yes, it is a public database. it is actually linked to

exploiting the information. >> it gives us instructions on how to do that. what i will do is take that and put it in a tool that will attack that system and extract all the data from it. these are different parts of the database. >> i then we realize realized there was that much data in detail of immunizations and insurance. so you're telling me that anybody could virtually get this information? >> that is right. so i think the primary reason people are doing this is identity theft and that is so valuable. >> what we are doing here is stimulation because we can't really do it without getting in trouble. >> that's right. but this is real medical records and software that is readily

available to people all over the country has seen in thousands of places. >> i think this is so important. the government is requiring a lot of these records to be put on the web and the internet. the government itself is at a tipping point. most records are online and we expect all of them to be online. what does that mean for safety? >> that is what really concerns me. there is a natural course to adopting technology. the more sophisticated organizations, the city hospitals and whatnot, they have the i.t. staff and the capabilities to secure those systems. but when you push people to install software, oftentimes they don't know what to do. >> a smaller offices and systems and the smaller medical colleges and schools. >> and when there is a deadline

that has to be done, has to be done quickly. oftentimes security is left by the wayside. gerri: unbelievable. now, what you saw was a test, but it could very easily have been real. 21 million people have had their electronic records stolen. the advice is simple. make sure that you are running the most up-to-date software for individuals and check your health records and everything on them is really about you. earlier i was on fox news talking about this. if you are set i just gave the bad guys a how-to guide. but remember that we can show everything. i think it is important to get the word out so the problem can get fixed. still to come, your reaction and a look at your medical privacy as congress finally investigates reports that the irs is seizing your records. we will have the latest coming up next.

gerri: companies aren't the only ones getting your medical data. how uncle sam is getting a hand on your information coming up next

six your medicalvacy expose gerri: your medical privacy exposed. an issue we have been covering. we will continue to follow it as new allegations swirl around irs agents seizing millions of medical records potentially. liz macdonald joins me now with the very best. >> and superior state court in san diego, came from wesley snipes he said that that the records

were seized by irs agents part of a company that is unnamed in search of a former employer. allegedly they took the server and the phones there and got access to these medical records. gerri: ysr? >> this is a class action lawsuit. this all ties back into the deep-seated concern on the part of the american viewer out there. about health records being exposed. here's the thing. this is so important pretty hot debate going on in washington dc. the administration talks about electronic medical records. will the irs able to access your

tax return remap your household income, it is an assault against her entire household income, everyone in your house. so now we have to determine if a portable adequate coverage. this is a real issue that i haven't seen. they do have to handle medicare and social security. now the treasury is saying that the health report is a large set of tax changes in the history of the country. >> we must enforce the tax law. we can imagine what will happen

is the one we have been talking about it for weeks. crooks and criminals all over the world have access. the irs having access is very concerning. >> or electronic medical records are part of your tax returns. that is the debate. that will be a big deal. gerri: it will be scary.

gerri: welcome back. we have spent the last hour discussing ways your medical privacy is being infringed upon. we will continue to devote a lot of time to that. it is important for you, the consumer, to know how to keep yourself safe. looking out for you is what matters most.

john from georgia writes that i appreciated your segment on china's attempt to purchase smithfield. this is a chilling thought. the steady increase of food imported from china is chilling. this leads to our dependence on imported foods growing as our farmers become increasingly strangled by mountains of regulations. china produces crops merely without oversight. and george from pennsylvania says i'm a devoted fan of your show. i saw a recent segment on crazy bank fees. i am a small business owner and i recently saw a charge of $20 called a cash deposit fee. i am told that i do think that when i deposit too much cash over a ssecific time, all things have said that they do this, it is basically robbery.

>> we spend the whole hour telling you tomorrow how do you do that? you won't want to miss that. that is it for tonight's "willis report." thank you for joining us. i hope you have a wonderful fourth of july and a great night. lou: good evening, everyone, thank you for being with us. president obama recently exercising his executive power again to direct the environmental protection agency. repeatedly wiping sweat from his brow, declaring that climate change is happening now. >> i do not have