Posts Tagged ‘electronic health records’
Beware of Racketeers Making Big Money on Patient Records – by Art Gross, President of HIPAA Secure Now
Armed robbery and drug trafficking are no longer the only crimes of choice for gangs. Instead of a gun, their newest weapon of choice is a mobile phone with Internet access. Now more sophisticated gang members are targeting medical practices and using their smart phones to steal patient records.
This is part of an organized crime ring that’s netting offenders up to $50,000 a night in stolen identities and false tax return filings.
It’s not uncommon for the friend of a gang member to infiltrate a medical practice, gain access to EHRs, download patient information and hand it over to the offender. That person will book a hotel room, set up a “team” and a cell phone bank, submit false tax returns online and generate huge profits in one night.
Florida is hotbed for this activity and it’s spreading across the country. In California, narcotics investigators took down a methamphetamine ring and confiscated 4,500 patient records. Investigators believe the stolen information was being used to obtain prescription drugs to make the illicit drug.
Stolen patient information will not only bring big Health Insurance Portability and Accountability Act (HIPAA) fines for data breaches; the additional direct and indirect expense of a breach can be financially catastrophic. But now there is a strong financial incentive to steal patient information – one lost or stolen patient record is valued at $50 on the black market.
Protect your practice. Medical practices need to realize they are vulnerable to security break-ins and should take steps to reduce their risk of stolen electronic protected health information by performing a risk assessment and identifying potential “leaks.” Here are the steps that organizations should take to protect this information
- Inventory patient information: Capture an inventory of where patient information is stored, accessed or transmitted. Most people think of an EHR as their only source of patient records but patient information can be in a Microsoft Word document in the form of patient letters, or Excel spreadsheets as billing reports or scanned images of Insurance Explanation of Benefits. These documents could be on desktops or laptops. Patient information could also be in emails or text messages in smartphones or tablets.
- Assess current security measures: A security risk assessment looks at how patient information is currently protected. How often does the practice perform data backups? Is there a termination procedure? Do employees have the minimum level of access to patient information? Are all portable devices secured and protected?
- Evaluate common threats to patient information: Physical risks, the likelihood of a threat and the impact of the threat if it occurs must also assessed. In addition to employees pilfering patient records, how are practices protecting information in the case of fire or flood, lost or stolen laptops containing patient information, sending emails to the wrong patient, to name a few. If the practice has patient information stored on laptops and physicians frequently take them out of the office and that information is not properly protected it may result in a large HIPAA fine – high risk with a high impact.
- Recommend additional security: A security risk assessment will identify additional security measures to prevent the likelihood of a threat and its impact. For example, limit who can take laptops out of the office, or ensure that they’re safely locked in a secured cabinet.
A thorough security risk assessment can help a medical practice identify the additional security or procedures needed to help lower the risk of common threats.
Art Gross is president and CEO of HIPAA Secure Now!
Identity Theft Through Obamacare Signups
This is an example of how identity theft can take place with the new Healthcare sign ups . We have been informed the navigators have not had criminal background checks completed on them. Their training is 20 to 30 hours, and after that training, they are expected to know the ins and outs of the 1200 page document of the Affordable Care Act. The Healthcare.gov site is not secure; has not had all the testing done before implementing the sign up pages; and now, your information can be viewed by anyone working there?
Seriously!
Plus the data can be accessed by not only the IRS, Dept of Homeland Security, Dept of Health and Human Services, Social Security Administration, Centers for Medicare and Medicaid, but the navigators themselves.
Whom should you trust? Watch the news clip below.
Remember, The Identity Advocate is here for your needs in providing education, information, solutions, and a fully managed identity theft recovery product at a cost of less than a car wash a month. Contact Linda at 310-831-4400 or linda@thedientityadvocate.com
3 Must Asked Question to Ensure the Privacy of your Health Records
It’s traumatic when you or a loved one is admitted to a hospital. There’s so much to worry about. However, the protection of your private health care information should not be one of them. Although there has been a rash of celebrity information being compromised during recent admissions to a hospital, you don’t have to have a star status to ensure your health care information is safe.
To make sure your private health information stays that way, here are 3 questions to ask during the admission process:
1. Does your organization do background checks on all employees?
2. Who has access to my information?
3. Where will my records be stored and will they be encrypted?
If the person admitting you (or the pre – admission process) can’t answer the above questions, ask to speak to a supervisor who has the answers. If he or she doesn’t know, then ask to speak to the Director of Nursing, or Chief Nursing Officer.
While you may feel this over cautious, we are hearing of Identity Theft Rings run from a hospital by an admissions clerk as in this case in Alabama: Leader of Identity Theft Ring Sentenced to prison.
Obviously an admission in an emergency you can’t do this process. This may be a reason to consider having Identity Protection and Recovery. If you want to know more about being proactive instead of reactive connect with me here: http://www.theidentityadvocate.com/identity-theft-protection.php.
Keep your piece of mind.
Protecting Your Medical Information from Identity Theft
Have you thought medical identity theft wouldn’t happen to you? Is your thought “why would anyone want my medical information?” Well, they don’t want your “medical history” — they want your insurance information. They might be out of work, or have a friend who needs assistance, or belong to an identity theft ring, and is in it for the money they can earn by selling your medical identity! Today it is more valuable then just your social security number.
When your medical information is stolen and used by someone to seek treatment, your own medical history will change. You may receive bills from doctors you have never seen or even heard of. You may discover they have a different blood type, or have cancer. Then to remove the mis-information and change your information back to who ‘you really are’ becomes an arduous task in itself. Also, you might find yourself responsible for bills that are not yours, and this affects your credit rating when it goes to collections!
Be proactive, protect your medical identity by asking your physician the following questions:
Does s/he do a complete background check on his employees?
Does s/he encrypt the records in his office?
If you should change physicians, what happens to those records? Does s/he outsource billing and receivables and if so, are they cleared as well. You want to know who is in his office and if there are prying eyes or someone who can walk off with all your information on a device such as a laptop or flash drive with all your electronic health information?
Read this article from Fox Business News and see why your medical information and insurance are a valued resource in the the black market; and why it is so difficult to keep your information PRIVATE: http://www.foxbusiness.com/on-air/willis-report/blog/2013/05/21/protect-yourself-against-medical-identity-theft..
And then call me or email me for solutions available to protect and recover your identity in the event that your identity is compromised or stolen
310-831-4400
Key Elements of HIPAA Compliance by TechTarget
Always a good reminder as things continue to evolve in the healthcare world. Very good article by Richard E. Mackey, Jr., Contributor. As compliance becomes key, always continue learning.
Preventing Medical Identity Theft – Palm Scanning
See the quick video about Palm Scans at El Centro Hospital:
Palm Scanning started at facilities back east. Good to see its arrival here in California. This procedure can assist in the prevention of Medical Identity Theft and Identity Fraud!
Medical Identity Theft: Will you be the next victim?
Preventing Medical ID Theft: Are You At Risk ?
Preventing medical ID theft has become a hot topic as Americans increasingly hear about the safety of their private medical records as more medical breeches continue to be discovered. Medical ID theft happens when a person uses someone’s identity to obtain medical services or steal money by falsifying claims for medical services. Identity thieves use a person’s Social Security number, insurance information, or other forms of identification to commit the medical ID theft.
Medical ID theft can have a devastating effect on victims, causing collections issues, credit problems, and even bankruptcy. But that’s not all. The type of medical treatment obtained by the identity thief can also prevent the victim from getting medical insurance or medical services themselves because, as far as the insurance company is concerned, the victim now has a “pre-existing” condition.
According to the FTC, medical ID theft accounts for three percent of all ID theft cases, or approximately 250,000 cases per year. Unfortunately, these medical ID theft statistics are expected to grow, especially with the shift to electronic medical records.
Preventing Medical ID Theft: The Unemployed and Uninsured
Due to their difficult circumstances, some groups are at a higher risk for becoming identity thieves. The unemployed and uninsured may use another person’s identity because of a belief that it’s the only way they can receive quality medical care. Since they’re unemployed, they don’t have access to an employer’s healthcare benefits, and they can’t afford to buy medical insurance because they don’t have a job. It’s a vicious cycle, and it can make good people do bad things.
Preventing Medical ID Theft: Illegal Immigration
Illegal immigration also poses a serious threat as medical ID theft continues to rise. When an illegal immigrant steals private information such as an individual’s Social Security number, he or she can obtain identification and numerous services reserved for legal residents. If precautions aren’t taken to prevent medical ID theft, an illegal immigrant can get a passport, driver’s license, bank account, credit card, loan, mortgage, insurance, medical treatment, and many other services.
Preventing Medical ID Theft in Five Steps
Begin preventing medical ID theft by following these five easy steps:
1. Have your Social Security number removed from your insurance records. If your Social Security number is currently on your insurance card, don’t carry your card with you. Keep it in a safe place and only carry a photocopy with all but the last four digits of your Social Security number blacked out.
2. Obtain copies of your credit reports, insurance claims, and medical records. Lock them in a safe or safety deposit box, or place them on a CD or flash drive.
3. Next, regularly review your credit reports, insurance claims, and medical records for suspicious entries, such as a medical treatment that was never performed on you.
4. Immediately address disputes on your explanation of benefits, bills for medical services you never received, or any other charges that could be sent to collections and damage your credit. These need to be investigated and removed from your records.
5. Don’t leave a paper trail. Destroying sensitive information you no longer need is another critical step in preventing medical ID theft, so shred claims that are more than seven years old. Also, ask if your provider’s office performs background checks employees to prevent medical ID theft rings and stolen medical information.
Preventing medical ID theft takes vigilance. Medical ID thieves are doing everything to stay one step ahead of you and the authorities, so use medical ID theft prevention strategies to protect your private information.
Want to learn more about preventing medical ID theft? Contact The Identity Advocate at 310.831.4400 or via email at info@theidentityadvocate.com.
Visit us online at www.theidentityadvocate.com.
Data Breeches in Health Care
Data Breeches are costing millions each year. The HITECH Act has not changed data protection as first thought. Dr. Larry Ponemon from the Ponemon Institute (which conducts independent research on privacy, data protection and information security policy) has submitted a great blog on the statistics which is available at : http://www.ponemon.org/blog/post/poor-privacy-practice-is-ailing-healthcare-industry
Data Breaches for the first half of 2010
Despite the law stating medical breaches involving more than 500 people must be listed on the Health and Human Services (HHS) breach list, the Identity Theft Resource Center recorded medical breaches which never made the list. Do you know why? The HHS list allows the loophole of “risk of harm” without requiring federal law enforcement verification. One state has reported more than 200 breaches. Most are not included in the Identity Theft Resource Center Breach Report because they did not include sufficient pertinent details regarding the event. Some states now harbor a protected breach list which is not made public at all, or is only accessible by exercising the Freedom of Information Act. Doesn’t this make you wonder why is it all so protected? Read the entire article from the Office of Inadequate Security
http://www.databreaches.net/?p=12436
WellPoint Data Breech possibly exposes 470,000 enrollees’ to Identity Theft
It is happening again, a large corporation has the potential loss of data due to a security breech. this means medical records, social security numbers even credit card information may have been exposed. The threat of Medical Identity Theft is even greater in a a case like this. Read California Health Line article at: http://www.californiahealthline.org/articles/2010/6/30/wellpoint-breach-could-have-exposed-enrollees-medical-financial-data.aspx
