The Ponemon Institute, a nationally recognized privacy research firm, recently released its Fourth Annual Patient Privacy and Data Security Study. For healthcare providers, it is probably not much of a revelation that the study found more criminals are stealing patient records to commit medical identity theft. This type of crime is a low-risk and highly profitable industry.
What is attention-grabbing is that these criminal attacks on healthcare providers have increased dramatically and are up 100% since 2010. According to the study, these breaches cost the industry about $5.6 billion a year.
If your medical or dental practice has electronic medical records (EMR) and is following all the proper HIPAA Security Rule safeguards, those safeguards can help to identify possible unauthorized access or fraud. If your practice has paper charts, unauthorized access to patient records could be virtually untraceable until an identity theft case occurs. For EMR, training staff to be alert to fraud trends can help, along with a systematic way to continuously review audit logs to see who is accessing patient records.
Here are three tips to help your practice be more proactive in fighting medical identity theft:
- Conduct background checks on ALL staff, regardless of whether their particular positions require access to patient records.
- Set up a robust education campaign to make patients aware of medical identity theft and teach them how to report any errors discovered on their Explanation of Benefits.
- Implement a response program for possible medical identity theft cases. The program needs to have comprehensive but understandable written policies and procedures for immediate action on a flagged record.
As the risk will only continue to grow, the reputation and credibility of your practice in addressing patient record breaches are at stake. Having a proactive plan in place will help your practice quickly recognize possible medical identity theft cases and initiate the immediate, required action.
Author: Jay Hodes is the President of Colington Security Consulting LLC and the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services, Office of Inspector General. In that position he supervised over 200 Special Agents and professional support staff responsible for health care fraud and medical identity theft investigations throughout the eastern United States.
His company provides assistance with HIPAA Security Rule compliance by identifying vulnerabilities and risks, determining the potential impact, and providing a gap analysis action plan to prevent unauthorized access, tampering and theft.
Please contact Jay with any questions you have at jhodes@colingtonsecurity.com.