PREVENTING MEDICAL IDENTITY THEFT

Source: Health News Digest
Posted on October 15, 2010

Imagine your personal medical information has been compromised by a security breach. Then imagine finding out that your personal information has been used by someone to obtain medical treatments and even prescription drugs. The gravity of this breach becomes even more serious when you receive an invoice for the treatment, or worse, find out medical information in your personal file has been changed.

Medical identity theft is the fastest-growing form of ID theft in America today and has become a growing global problem, with the World Privacy Forum estimating the number of victims to be between 250,000 and 500,000 people each year. According to a Harris poll, the numbers are even higher than what the World Privacy Forum estimates, with approximately 4 percent of American adults, or nine million people, believing that they or a member of their family have had confidential medical information lost or stolen.

Medical identity theft can expose a person's personal information, which can then be used by fraudsters to get medical treatments, benefits and prescription drugs, and generally to defraud the medical system. The victims of identity theft may ultimately receive incorrect medical treatment if their records have been altered. In a medical emergency, these fraudulent changes could lead to incorrect diagnoses and even death.

Cases of Medical Identity Theft are Growing

In the U.S., where the for-profit healthcare system creates incentives for hospitals and insurance companies to root out identity theft, an estimated 15 percent of claims are considered fraudulent. From the standpoint of medical institutions, the consequences of medical identity theft may be significant. Healthcare providers may face heavy fines, legal expenses, bad publicity and reputation loss.

According to Forrester Research Inc., in 2006 companies that experienced security breaches lost between one and $22 million. With the Ponemon Institute's 2009 Cost of Data Breach Study placing the average cost of a breach across a range of organizations as high as $202 per record or $6.6 million per breach, a patient data breach is potentially a debilitating event for any healthcare facility regardless of size.

The Mechanics of the Breach

The moment a hospital admits a new patient, a medical record is initiated. Moving through different phases of the medical process, the record accumulates a multitude of details - from the patient's lifestyle to symptoms, test results, diagnoses, treatment plans, procedures, insurance and personal information. These files, often kept in paper-based form, may continue beyond the original medical institution, making their way to other hospitals and clinics, family practice offices, insurance companies and health-related organizations.

In a hospital, many people may have access to patients' confidential information. While most employees would never use this information for fraudulent purposes, some may, by exploiting it themselves or leaking it to thieves. Security breaches may also result from the intentional or unintentional negligence of healthcare employees. While stories about medical files being dumped into recycling dumpsters or garbage containers - and even posted on the Internet - may sound anecdotal, such incidents do happen. These kinds of security breaches are becoming more common worldwide:

Furthermore, medical records also must be stored for a period of time, increasing the chances for a breach. Regular paper records are often kept for 10 years, and if it is a teaching hospital, or concerns a pediatric patient, hospitals may keep the records for 15 years or longer.

Medical Identity Theft Trends

While there is no all-encompassing research on this, here are some of the trends in medical identity theft that Shred-it experts have compiled:

Insider wrongdoing - The most common pattern in medical identity theft involves healthcare insiders. According to the Healthcare Information and Management Systems Society, about 23 percent of all breaches that required notification since 2000 have been caused by an employee.

Organized crime - The people who work within the healthcare sector may sell stolen medical identity data to organized crime groups. Such groups may set up dummy corporations for short periods of time and bill insurance companies for expensive medical equipment.

Internet disclosure - Medical information may be erroneously posted on the Internet, which may or may not result in identity theft and fraud.

Stolen or lost laptops - There are a number of examples where the security of patient information has been compromised as a result of the loss or theft of laptops and data drives.

Common Document Security Measures

In the U.S., most medical institutions are using some kind of document shredding process; they either outsource it through third parties or use shredders. However, their level of security varies widely, based on several factors:

U.S. Legislation Protecting Medical Information

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires healthcare organizations to "maintain reasonable and appropriate technical and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information."

The Health Information Technology for Economic and Clinical Health Act (HITECH Act), part of the American Recovery and Reinvestment Act of 2009 (ARRA), contains incentives related to health care information technology and incentives designed to accelerate the adoption of electronic health record systems among providers.
The Act also widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance and provides for more enforcement.

The Shred-it Solution

Balancing the protection of patients' medical records with budgetary constraints and patient information accessibility in a hospital environment is no easy task. To protect the security of patients' information, hospitals should correctly identify security challenges in their organization and physically secure data. In a busy hospital setting, emphasis is typically placed on speed and ease of access to information rather than on information security. The challenges of making medical information secure are particularly critical in the context of large medical organizations. Hospitals should also integrate and manage the emerging large-scale e-health applications and get sufficient funding for security management systems. While there is no single solution, medical institutions should consider the following:

The value Shred-it offers to its medical clients extends beyond the physical process of destroying documents. Working as a strategic partner, Shred-it helps clients identify and proactively manage their unique security risks. It addresses the full spectrum of their operational, security and financial needs, developing - and executing - a strategy that is both effective and cost-efficient. Among Shred-it's document destruction solutions are:

Secure document destruction saves costs, increases employee productivity and enhances the reputation of medical institutions. But it also does much more, protecting patients from the medical, financial and psychological consequences of privacy breaches and identity theft and fraud.

By Mike Skidmore, Shred-it Privacy & Security Officer

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.