Posts

protecting patient data in healthcare

How Doctors Can Transmit Patient Data Securely

protecting patient data in healthcare

Doctors must take precautions when sharing patient data. Learn more about how doctors should protect your PHI in this guest post from Heather Lomax. (Photo courtesy of MaxPixel)

The following guest post on protecting patient data was submitted by Heather Lomax.

Communication efforts in the last few years have greatly advanced between doctor and patient. Instead of having patients drive out for a visit or make drawn-out phone calls every time something needs to be discussed, some doctors’ offices have started to use online portals and email correspondence with patients. These options are extremely efficient, but they also place patients at a higher risk of medical identity theft. Therefore, special measurements need to be taken in safely transmitting patient data.

PHI Data and Email Encryption

First and foremost, patients need to make sure their devices are encrypted when they access medical data. Not operating on such a system places data at risk for theft with ease. Therefore, portals offering medical data need to be encrypted as well. Patients should be made aware that if their computers at home are not secure, then they place their data at risk there as well. Sending patients emails also requires another degree of encryption.

Different Types of Email

Several types of emails exist when it comes to safely transmitting data information with patients. For web-based email applications, doctors’ offices and patients alike need to use accounts with HTTPS encryption. This method is the only means by which web-based email is secure. The email is sent to a patient should also be encrypted using either PGP encryption methods or Symantec Digital IDs. In both of these aspects, each email comes with its encryption.

Use Cloud Services for Fax and Email

HIPAA regulations make specific claims about how data should be transmitted between office and patient. One of the methods to use for this communication relies on cloud services for both faxes and emails. These cloud services have their own firewalls and encryption procedures, and they make certain that data only goes to a specific location. More often than not, a specific receiver has to acknowledge that they accept a fax. A VPN access code can be used for this process.

Biometric Identification

As passwords become obsolete and even unsafe for healthcare data security, biometric identification is steadily rising in practice when it comes to accessing sensitive information. With passwords comes the potential of breaches in security, even with the most carefully crafted codes. However, with the use of fingerprint analysis, retina scans, and facial recognition software, it’s nearly impossible for identity fraud to take place since these characteristics cannot simply be imitated. And not only does it reduce the risk of billing fraud – it also prevents deadly medication errors, improves response rates to medical emergencies, and expedites health information exchange services (which will be discussed in the next section).

Use Three Different Forms of Health Info Exchange

When in doubt, doctors’ offices should use three, distinct methods of Health Information Exchange (HIE) with patients and other medical offices. The first type is directed change, where data can be sent and received securely through an electronic medium between providers and coordinated support care. The second option is a query-based exchange, which offers providers the opportunity to find and request information from patients and other providers when unplanned care takes place. Finally, doctors’ offices can use consumer mediated exchanges, a method which allows patients to have control over data and how it is used among different providers.

Conclusion

A great deal of options is available when it comes to transmitting electronic patient data. Rather than rely on flimsy means of protection, alternative options with tighter security like encrypted care, biometric identification, and HIE paths should be implemented instead. If your practice or hospital can introduce even one of these methods as part of their data transfer strategies, you’ll notice a great improvement in workplace efficiency as well as security for your patients.

Author bio:

Heather Lomax is a contributing writer and media relations specialist for Blaze Systems. She writes articles for a variety of medtech blogs, discussing solutions for optimizing healthcare data protection and clinical technology.

medical identity theft prevention

Medical Identity Theft: How Hospitals Can Reduce Risk

medical identity theft prevention

Medical identity theft can be just as damaging to hospitals as it is to patients. Learn more about what hospitals can do to protect themselves from falling victim to medical identity theft. (Photo courtesy of Shutterstock)

Hospitals are generally considered to be a place to seek refuge — a safe haven for both employees and patients alike. Unfortunately, this isn’t always the case. Incidents of medical identity theft are becoming more and more common. Issues involving improper use and disposal of data, hacking, and theft result in not only adverse financial consequences but can also even have negative impacts on healthcare and personal well-being. Identity theft is something that every hospital needs to be aware of and prepared for — these steps can be helpful in preventing medical identity theft and ultimately reducing your hospital’s risk.

Reduce risk associated with personal patient information

The use and storage of patient’s social security numbers is the main source of vulnerability when it comes to identity theft. Data breaches and entry errors can mean that a patient’s information can fall into the wrong hands — compromising the safety of both the individual and the hospital itself. While much of the fraudulent use of patient information comes from stolen or leaked data, verbal or physical forms of sensitive patient information can also end up in the wrong hands. Hospital employees should take care to never discuss patient information in public areas, or with friends and families. In addition, physical forms including patient charts and records (even if they only contain the name of the patient) should be safely used and stored.

Ensure that secure methods are used in storage of patient health information

Every health organization should take necessary measures in order to ensure the safety and security of patient information. An investment in appropriate health IT may be costly up front, but it could end up providing endless savings — both financial, and otherwise — in the long run. Additionally, the use of a unique health safety identifier (UHSI) is a great measure to strengthen information and data security, with positive results extending all the way to the patient.

Avoid storing personal information of patients unless absolutely necessary

While many healthcare providers perceive that patient information — including social security numbers — must be stored for billing and insurance purposes, this simply isn’t the case. The storage of sensitive information (like social security numbers) isn’t always needed, and unnecessarily doing so may pose a risk for the patient and the hospital.

Dispose of patient information responsibly

Just as sensitive information should not be stored unless absolutely necessary, it is also imperative that patient information be disposed of in a responsible manner. Outdated or unused medical information, forms, and billing data should be shred or erased completely when no longer needed.

Assemble and utilize an advisory committee

In any healthcare setting, it is beneficial to have a diverse team of leaders that comes together to regularly review and assess security issues and vulnerabilities. By raising awareness and discussing perceived risks, hospital leaders can be well-informed when it comes to making decisions and implementing efforts to reduce risks and protect sensitive information.

how hospitals can prevent medical ID theft in healthcare

(Photo courtesy of Shutterstock)

Respond appropriately to issues and concerns

Not only can an advisory committee help prevent against identity theft, but the designated team of experts can be essential in addressing issues promptly and adequately. Utilization of an inventory system that tracks all processes and systems that contributed to the security breach can allow for the hospital to pinpoint the weaknesses and make necessary improvements. Once an issue is discovered, the advisory committee will be better prepared to — while looking at the data inventory — prioritize areas of concern and make adjustments that are needed.

Educate the patients themselves

As many hospitals strive to do the best they possibly can when it comes to securing patient information, actually sharing statistics and suggestions with the patients themselves can further improve the security of that information. Patients should be encouraged to keep their cards and information in a safe place and should be told to take caution when sharing sensitive details. Patient participation is crucial when it comes to combating identity theft and security tips and suggestions can be posted as signs throughout the hospital — or given to the patients in a brochure.

Medical identity theft is increasingly becoming a great threat to the safety of patients and health care providers. While there are many ways that patient information can end up in the wrong hands, there are fortunately many ways that both hospitals and patients can prevent this from happening. By working together and considering these tips, hospital staff members can ensure that the information of their patients can remain as secure as possible.

medical identity theft in healthcareAuthor bio: 

Joanna Sommer is the Senior Editor for InformedMag and is passionate about security and tech. She has been working in the home safety and security field for 5 years. Joanna loves to travel and enjoys going to hot yoga and Barre classes. She is dedicated to creating articles that both educate and help people make an informed purchasing decision.

learn how to prevent medical identity theft in healthcare

How to Prevent Your Medical Information from Misuse

learn how to prevent medical identity theft in healthcare

Medical identity theft can seriously threaten your physical and financial health.

The following guest post on protecting your medical information from misuse was submitted by Christine DiGangi.

When it comes to personal information, your health records are about as personal as it gets. And while it may not seem as immediately damaging as someone hacking into your bank account, medical identity theft can seriously threaten your physical and financial health.

How a Thief Might Misuse Your Medical Information

Think of all the information you’ve handed over at a doctor’s office: Name, birth date, address, Social Security number, insurance information, family medical history — these are all things someone can use to impersonate you. This makes health care providers targets for hackers. What can they do with your medical data? Plenty. They can open fraudulent financial accounts, commit crimes (besides identity theft), file a fraudulent tax return (and get the refund), buy prescription drugs with your insurance (and maybe sell them, which goes back to the crime problem), claim federal benefits like Social Security, use your insurance to get medical care and countless other things, all in your name. The results of such fraud can end up on your criminal record, medical history or credit report.

Say someone got their hands on your medical information and they used it to get medical treatment. That person’s health data could end up in your medical history and affect your future care. What if that person maxed out your insurance coverage, leaving you without the coverage you need? What if medical expenses that person generated don’t get paid? That could result in a collection account on your credit report and cause your credit score to drop until you dispute the error or resolve the identity theft. There’s a lot at stake. We asked identity theft expert Adam Levin, co-founder of Credit.com and author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves,” for his top tips on preventing your medical information from misuse. Here’s what he said.

You Don’t Have to Share Everything

A lot of people provide their Social Security number and other sensitive details to their healthcare provider without asking if it’s necessary, Levin said. Just because they ask for it doesn’t mean they need it.

“Find out how they intend to secure it,” Levin said. “Remember, they already have your medical insurance information and often require a credit card.”

When You Do Share Sensitive Information, Do It Carefully

Once you hand over your information, you no longer control it, so think about the way you’re providing your doctors with records. Levin said you should never send medical information to someone you don’t know unless you’re the one who contacted them.

“Know precisely to whom you are communicating and confirm that their requests are reasonable,” he said. “Remember, you should never send sensitive information by way of email or text. Only fax if you know who is standing next to the machine as you are faxing.”

Use Common-Sense Security

Lots of health care providers have gone digital, meaning you can access your records or pay your bills through an online account. While password security is important for all online accounts, it’s especially crucial when you’re setting your credentials for a medical website. And if you do end up with physical paperwork that includes details on your health, insurance or any other personally identifiable information, keep it in a safe place. If you want to discard it, use a cross-cutting shredder, Levin said.

More Resources on Medical Identity Theft

Until a fraud has been corrected (which can take months or even years), you may suffer some credit damage, which is another reason to try and prevent the fraud from happening and act quickly as soon as you detect it. While working toward a resolution, you’ll want to focus on what you can control, like practicing the safety tips we just described or improving other aspects of your credit. For example, you could work on making on-time payments and paying down debt, which are good things for your credit scores. If you’re having trouble accessing credit because of identity theft, getting a secured credit card might be able to help you keep your credit file active, because a secured card generally does not require a credit check.

Monitor your credit reports for unfamiliar collection accounts and other signs of identity theft, in addition to keeping an eye on your mail and insurance for bills regarding care you didn’t receive. The Federal Trade Commission has a guide on how to request and review your medical records for accuracy, as well as how to resolve identity theft.

learn more about how to prevent medical identity theft in healthcareChristine DiGangi is a reporter and the social media editor for Credit.com, covering a variety of personal finance topics. Her writing has been featured on USA Today, MSN, Yahoo! Finance and The New York Times International Weekly, among other outlets. You can find her on Twitter @writingbikes.

 

prevent patient fraud in healthcare

5 Ways to Prevent Patient Fraud and Identity Theft

prevent patient fraud in healthcare

Preventing patient fraud begins with a thorough understanding of how to protect your identity.

The following post on preventing medical ID theft and patient fraud in healthcare was submitted by Meghan Belnap.

In this digital age, we can purchase anything with a click, transfer money from one bank account to another in a split second, and reconnect with people from anywhere in the world. There are so many great advantages to the internet age but unfortunately, there are serious drawbacks as well.

As technology advances, so do the dirty tricks played by criminals in an attempt to commit patient fraud and identity theft. With so much of our medical history available at our fingertips in digital form, it’s easier than ever to have that stolen from us. Here are five simple ways to avoid falling victim:

Password Protection

Hackers are skilled at decoding passwords. If the one you use is not a unique combination of numbers, letters, and symbols, you are putting yourself at a higher risk. If your password is still hacked from one site, it is important that you are not also handing them your password for everything else as well. For example, if your patient portal account password is fraudulently obtained, you do not want that to also be the password you use for your bank account. It requires keeping track of numerous passwords, but it is worth it to use different ones for each site you log in to within your digital health network.

Swipe With Caution

Card skimmers are very popular tools used by crooks to gain access to your account information. Each time you swipe a debit or credit card at a hospital or any other A.T.M. machine or gas pump, the machine reads the information stored on the black strip on the back of the card. This houses important information and it is all a hacker needs to wipe out your bank account. When you approach these machines, look at them closely. Does the area that you insert the card into seem loose or ill-fitting in any way? Does the paint color and material of it match the surrounding area? If not, there may be a skimming device attached to the machine. If you are suspicious, try giving it a tug. Is it loose? If you experience this, contact local law enforcement right away.

Monitor Accounts

If you have access to online banking, take advantage of it. Set up alerts that notify you when funds have been used over a certain amount or in ways unusual for your typical spending patterns.

Be Careful With Your Card

Keep an eye on your cards at all times. Statistics show that on average over 12 million U.S citizens identify as fraud victims annually. Professional FBI experts who are board certified behavior analysts specialize in investigative criminal or terrorist actions. While help is offered to those that are victim of patient fraud and identity theft, take the extra precautions to keep yourself safe by implementing smart daily precautions.

Identity Protection Services

There are a variety of resources available at your convenience which specialize in monitoring your social security number, name, and other personal information that could be used for patient fraud or identity theft. Most companies charge a fee to provide this service but if it prevents even one breach, it will be money well spent.

While there are numerous ways someone can gain access to your personal information, there are by far more things you can do to prevent it. Be cautious with your private details. Keep things secure both online and physically with the proper protection required. Whether it’s a safe box in your closet to keep your social security card, health insurance ID, birth certificates and other documents out of reach, or strong passwords that keep hackers out of accounts, it is possible to avoid patient fraud.

Meghan Belnap is a freelance writer who enjoys spending time with her family. She loves being in the outdoors and exploring new opportunities whenever they arise. Meghan finds happiness in researching new topics that help to expand her horizons. You can often find her buried in a good book or out looking for an adventure. You can connect with her on Facebook right here and Twitter right here.

3 Unexpected Ways Medical ID Theft Can Harm Your Pocket

3 Unexpected Ways Medical ID Theft Can Harm Your Pocket

prevent medical ID theft

Learn more about the top three unexpected things you need to know to protect your medical identity.

The following guest post covering the impact of medical ID theft was submitted by Michael Rogers.

Are you the recent victim of medical ID theft? Do you know someone who recently discovered their identity had been stolen? If you or someone you know has experienced someone stealing your identity, then you know how unsettling and upsetting it can be. But what you might not realize in the moment is that having your medical ID stolen actually can result in major problems for your bank account. Read on to learn our top three unexpected things you need to know right now about protecting your medical ID and how a stolen identity can result in problems in your pocket. Knowing is power — and you can do something about it before too much damage is done. Read on:

Tip #1: Data Breaches Mean Bad News for You

Did you know that healthcare organizations admit that they don’t have enough security to withstand many cyberattacks? Data breaches to healthcare organizations are at a loss of millions and are under constant attack by malware. What does this mean for you? It means that your medical data is vulnerable, and when an online thief gets ahold of your Social Security number and other medical ID information — including passwords to your healthcare accounts — then you could begin to see not only your healthcare savings account empty out for procedures and products you didn’t authorize, but you also may see your bank account empty out. That’s because many of us use the same passwords over and over again. So don’t be surprised if someone steals your medical ID information and then uses that information to break into your bank and credit card accounts. Change your passwords regularly and encrypt your online sessions to protect yourself.

Tip #2: Unauthorized Procedures

Many of us have healthcare savings accounts. They are a great way to get tax-free cash into an account and to use that cash for doctor’s visits, surgeries, procedures and even products like HIV-testing kits and pharmaceuticals. When someone steals your medical ID information, however, that means they can get access to this account. They can then go online and begin purchasing items that qualify for the account. They also can begin the process of filing insurance claims for fraudulent surgeries and procedures.

Tip #3: Exhausted Medical Benefits

When you become the victim of medical ID theft, you may find that your insurance benefits are no longer available to you when you need them. In most of the cases ID theft victims start to panic and do not know where to start from. If you have any doubts, are any reasons to suspect being ID theft victim you should immediately contact either your local insurance provider or healthcare organization in order to minimize possible losses. Many victims don’t realize this until something happens — like they are rushed to the hospital — and they find their insurance has been denied. Online thieves will steal your information so that they can get the procedures they need in your name. This kind of fraud can take years to unravel — coming at a huge out-of-pocket expense to you. When you need to go to the hospital, you need to go. You can’t wait. And if you’re the victim of fraud, you’ll likely be paying tens of thousands of dollars of that you don’t have because your insurance has been denied.

Protect and Empower Now

Sometimes knowing how you could be vulnerable to a medical ID attack is the first step. When your online presence is threatened and someone steals your social security number or insurance premium information, then not only are you at a big financial risk for procedures and bills you shouldn’t have to pay for — but those breaches could lead to breaches in other areas of your finances, such as your bank account. As you move forward, remember to monitor your medical ID information and medical online activity regularly. The more you know about what is happening in your medical or insurance accounts online, the more quickly you will be able to see when something isn’t quite right. In addition, remember to change your passwords regularly, and don’t use the same passwords for multiple accounts. With an estimated 2.3 million Americans falling victim to medical ID theft in 2014, it’s possible that you also could experience this situation. So stay ahead of the game and protect your pocket with these three key tips.

Michael Rogers- is experienced Director of Operations, manager and educator from USInsuranceAgents.com. Michael is not only well-educated insurance professional, but also very interesting interlocutor, with deep knowledge of modern arts and sports.

use photo biometrics to identify patients and prevent medical errors

Are Children Eligible to Enroll in Biometric Patient ID Solutions?

protect a child's medical identity with biometric patient ID

A patient access representative takes a photo of a child using an iris recognition camera to protect her medical identity.

The rapid spread of using biometric patient ID solutions has helped to increase safety, reduce duplicate medical records, eliminate healthcare fraud, and strengthen patient data integrity. As most healthcare providers who implement biometrics for patient ID quickly realize – patient participation is the most important factor to ensure deployment success and realize the strongest return on investment.

Traditionally, we see the use of biometrics as a strong security solution to protect our own medical identities, but what about children? Are they eligible to enroll in a biometric patient ID platform and realize the same protection as adults? The short answer is: It depends on the biometric patient identification solution that you select.

Often overlooked as a key demographic that is just as susceptible to the perils of medical identity theft and inaccurate identification, protecting a child’s medical identity is just as, if not more important than protecting our own identities. On a recent podcast with Eva Velasquez, President and CEO of The Identity Theft Resource Center, I asked Eva how important it is to protect a child’s medical identity and what is the earliest age that a child can have their medical identity stolen? Here is what she said:

“Protecting a child’s medical identity is definitely a growing concern in healthcare. And, it isn’t only protecting their medical identity but their identity as a whole. People generally do not believe that (medical ID theft) is a crime that affects children, but I can tell you that we (Identity Theft Resource Center) handle and re mediate cases of child ID theft on a daily basis. It’s really about ensuring that a child’s personal information doesn’t make it into the hands of a thief. The crux of the problem with child medical ID theft is the time of discovery…the most common ways that people find out they are victims of ID theft is because they are trying to accomplish something and they hit a barrier.

If you think about it, children just don’t engage with the outside world the same way adults do – they aren’t out applying for credit, trying to get a driver’s license (before the age of 16) and go through background checks. All of these external things that pop up and make us take notice of our identities, they just don’t happen with children, so that’s where it becomes a parent’s responsibility. For parents, it’s all about taking as many proactive steps as you can. Some states allow you to freeze your child’s credit, and you can certainly always request your child’s medical records to go through them and ensure their accuracy. As a parent, you need to read the Explanation of Benefits (EOBs) after your child has a pediatric visit.”

I then asked Eva what the earliest age is that a child can have their medical identity stolen. She offered this response:

“I hate to say this because it almost sounds like fear mongering but it’s absolutely true – it can actually be before the child is born. If a criminal just decides to make up a social security number that hasn’t been issued yet and starts to use it, it doesn’t necessarily make it back to the social security administration office so your child is born, you go to get a social security number issued to them and you receive it but a criminal has already been using it – so child ID theft can actually happen before they are born.”

Clearly, there is a sense of urgency to ensure a child’s medical identity is protected from the moment they are born! The problem that some healthcare providers face who have implemented certain biometric hardware modalities for patient ID is that not all are eligible for children to enroll. Instead, some biometric patient ID solution providers recommend that a child not enroll until they reach a certain age, or until certain physiological attributes are mature enough to be recognized by a hardware device. This essentially excludes children from leveraging the identity protection and security advantages of using biometric patient ID for identification at the age where they may perhaps be most vulnerable to having their identities stolen. 

The key for any healthcare provider seeking to implement biometrics for patient ID is to deploy a solution that has the ability to capture a child’s unique biometric profile at the youngest age possible and then use that as their identity credential for the rest of their lives without the inconvenience of re-enrolling as a child matures or the security risks of not being eligible to enroll at all.

Protecting a child’s medical identity is among the many reasons that we recommend the use of photo biometrics for patient identification in healthcare. Children as young as 10 months old can enroll and since the iris is a human physiological attribute that forms at 10 months of age and remains static throughout our lifetimes, it represents a viable and stable credential for accurate identification. 

As more healthcare organizations around the world evaluate the use of biometrics for patient identification, it is critical that all possible patient options and scenarios are addressed to maximize return on investment and ensure that any patient, no matter how young or old, can take advantage of the benefits to protect their medical identities. 

For a full version of our podcast with Eva Velasquez, President and CEO of The Identity Theft Resource Center, click here.

prevent medical identity theft

Medical Identity Theft – Detection & Prevention Tips

prevent medical identity theft

Follow these simple tips to prevent the dangers of medical identity theft from jeopardizing your patient safety.

The following guest post was submitted by Ryan Moalemi. 

In this day and age, people get increasingly restless if they don’t get their daily ‘fix’ of substances. The main cause for medical identity theft is trying to get drugs which you otherwise can’t get. Drug users who are addicted to certain drugs need a special pass if they want to get those drugs. If you don’t have this pass, you cannot buy the drug.

Medical Identity Theft isn’t something that occurs rarely. Unfortunately, it’s a daily happening, and it can get pretty nasty if left unchecked. There are numerous ways to protect yourself against Medical Identity Theft, but you’ll also need to know how to react if it happens. When people are desperate, they can do desperate things, going as far as stealing your identity to buy themselves drugs. Here are some tips on how to prevent and detect Medical Identity Theft:

Medical Identity Theft – What is it?

Medical identity theft isn’t much different than regular identity theft. However, the purpose here is to buy drugs, get health care at your expense, etc. Anything related to the medical field is a reason for people to steal your identity if they can’t get what they want. Most countries don’t have pictures of patients on their medical cards which is why it can be pretty easy for people to steal your identity. Of course, there are countries where are the details are listed and available to the medical staff to prevent theft and make it easier for them to go through your details.

Protecting your Personal Information

If you want to avoid having your identity stolen, you will need to know how to protect your personal information. The first step is to keep as much information about yourself to yourself except in cases where it’s necessary to share. Don’t let too many people know all of your personal information. You can also check out some Identity Theft Protection to get even more protection. There are various measures you can take to do this, but the best thing is not to share too much.

Stay Away From Common Fraud Schemes

The most common fraud schemes involve offers which you should take instantly because it’s excellent. If you don’t take the offer, you will regret it because it won’t be good anymore. Don’t fall for these tricks no matter how good they sound. That’s exactly it – they sound too good to be true. Also, if you happen to run into a fraud scheme or an offer, be sure to check out all the information regarding the company or people issuing the offer. You want to find legitimate information. If your research comes to fruition and you find out everything is legit – the offer is legit as well. Otherwise, stay far away from that offer and turn it down.

Tips to Detect Medical Identity Theft

While there are some methods of detection which can cost you money, the most common one is simply by constantly checking your purchase history. Visit the hospital where you get your medication and ask them if there were any purchases on your account. You don’t need to do this all the time – do it only when you suspect that someone might have stolen your identity. Also, always keep receipts with you and keep track of your purchase history.

Responding to Medical Identity Theft Incidents – Checklist

The correct way to react to medical identity theft incidents is to report everything to anyone that might help you out. This involves the hospital you visit, police, etc. Also, if you already ran into problems with identity theft, it is the prime time you start keeping your private information protected. Any possible holes that you might have left out could potentially lead to additional medical identity theft. Keep copies of your medical bills, medical records and everything. This way, you’re minimizing the chances of it happening again.

Conclusion

Medical identity theft can lead to many problems if not handled. Things tend to get complicated as more time goes by so it’s best to resolve the issue immediately upon noticing that something isn’t right. Be careful of who you give your personal information to, and stay away from shady offers!

learn more about the impact of medical identity theft on patients and the dangers to patient safety

New Podcast: Medical Identity Theft – What You Should Know

learn more about the impact of medical identity theft on patients and the dangers to patient safety

Eva Velasquez, President and CEO of The Identity Theft Resource Center joined us for our latest podcast centered on the topic of medical identity theft.

The following post was submitted by Jeremy Floyd, VP of Sales with RightPatient®

Identity theft is a term used to describe all types of crime in which someone illegally obtains and uses another person’s personal data in a way that involves fraud or deception, usually for some sort of economic gain (U.S. Depar It is a devastating, horrible crime resulting in huge financial losses and often irreparable reputation damage for the victim. 

Medical identity theft is defined as the act of stealing another person’s insurance information or name in order to illegally obtain medical services, prescriptions, and file claims with an insurance provider. It is a devastating crime that could have serious repercussions for both a patient and a medical provider. Before moving on from this post with the “it will never happen to me” philosophy, you may want to invest time to educate yourself on the effect medical identity theft could have on you or your loved ones, including your children. 

Were you aware that identity theft affects approximately 15 million people in the U.S. per year? Did you know that thieves can steal your child’s social security number BEFORE they are even born to commit medical identity theft? (Wait, what?) Have you heard that more hospitals and medical centers in the U.S. are investing in biometric patient identification solutions to prevent medical identity theft at the point of service?

We had the pleasure of catching up with Eva Velasquez, CEO of The Identity Theft Resource Center about the perils of identity theft and dug into more detail about the horrors of medical identity theft during our discussion. What you will discover after listening to our brand new podcast is that identity theft can be prevented and there are a lot of resources available to consumers to assist them if they have been victimized. 

Download a copy of the podcast here and listen to it on your commute, or wherever may be convenient. Have an idea for a podcast that centers on the topic of patient safety, patient identification, revenue cycle management, or infection control in healthcare? Drop us a note at: info@rightpatient.com with your idea and a suggested guest!

We hope you enjoy this podcast and walk away a little smarter about identity theft. Many thanks to Eva Velasquez and her staff for their time and expertise!

biometric patient identificationJeremy has worked in the biometrics industry for nearly a decade and has real world experience with fingerprint, palm vein, finger vein, iris and face recognition technologies. He currently oversees the RightPatient™ Healthcare division of M2SYS Technology, including sales, business development and project management. Before taking over the Healthcare unit, Jeremy spearheaded the growth of the core biometrics division, working closely with Fortune 500 clients like ADP, JP Morgan & BAE Systems to implement biometrics in large identity management projects.

the use of biometrics to secure PHI access

Improving Patient Engagement with Secure PHI Access

the use of biometrics to secure PHI access

The explosion of mHealth apps and patient portals for PHI access demands more modern patient and clinician identification technologies than user names and passwords.

The following guest post was submitted by Michael Trader, President and Co-Founder of RightPatient®

The rise of digital health tools for PHI access

Encouraging patients to take a more active and engaged role in their healthcare has been a key focus of healthcare providers in the wake of Meaningful Use requirements. What began as an industry mission with specific benchmarks and goals has since manifested into the actual use of myriad digital tools and platforms that are educating, engaging, and working to empower patients to increase accountability and responsibility for their own health and, when applicable, the health of their families. In fact, a recent HIMSS survey on how mobile apps and portals improve patient engagement indicated that on the provider side:

  • 73% of organizations used app-enabled patient portals to increase consumer participation in their overall health and wellness goals as well as meet relevant Stage 2 and Stage 3 Meaningful Use requirements under the Medicare and Medicaid EHR Incentive Programs.
  • Nearly half of those polled stated that “implementation of mobile services for access to information is a high priority at their organization.” Additionally, more than half – 57 percent – indicated that their facility implements a mobile technology policy, which often has a focus on mobile health security capabilities.
  • About one-third of polled healthcare organizations stated that they provide “organizational-specific apps” to the patient community.

(source: http://mhealthintelligence.com/news/how-mobile-health-apps-portals-improve-patient-engagement) 

One important facet in the goal to improve patient engagement is providing easier and faster access to personal health information (PHI). Manifested through Meaningful Use Stage 2, the benchmark is stated as:

Provide patients the ability to view online, download and transmit their health information within four business days of the information being available to the EP. (source: http://www.healthit.gov/providers-professionals/achieve-meaningful-use/core-measures-2/patient-ability-electronically-view-download-transmit-vdt-health-information

The idea is for healthcare providers to reach beyond traditional means of accessing PHI (think in person visits) and adopt digital health tools for easier, faster, and more convenient ways of accessing this data (think patient portals and provider mHealth apps). In concept, increasing the availability of tools and platforms to access PHI is a good thing — it caters to increasing patient demand to offer greater PHI accessibility through resources that offer more convenience and are in lockstep with the rise of the digital health movement. However, the explosion of digital tools for PHI access carries an inherent risk that patient identities will be compromised, stolen, or shared leading to a sharp increase in fraud and medical ID theft that poses a direct threat to not only patient safety and provider medical error liability, but also to the rising cost of healthcare. Not to mention the fact that the rising use of digital tools to access PHI compromises patient data integrity which is critical to maintain because of the ripple effect it has on the ability to provide accurate care along the continuum and the confidence it represents to successfully participate in health information exchanges (HIEs).  

Keep in mind that each time a perpetrator commits healthcare fraud or medical ID theft, the fallout of legal fees, settlement costs, and expenses to restore an identity are passed down to ALL patients in the form of higher fees for medical services. Therefore, collectively there is a pressing need to ensure that adoption of stricter and more secure methods of patient identification must run parallel to the rise in digital tools and platforms for safe access to PHI. Otherwise, patients may not be as willing to use these tools for fear of medical ID theft or unlawful access to their PHI data which directly compromises their safety, security, and privacy. 

Monetary damages are only the tip of the iceberg for healthcare organizations when discussing the impact of fraud and medical ID theft. It was been well documented that reputation can be negatively effected when patients perceive or a data breach confirms that healthcare providers are not taking the necessary action to increase PHI access security.

How can we correlate an increase in quality patient engagement with secure PHI access? Patient engagement is, without a doubt, a key linchpin to the success of healthcare’s triple aim. Simply stated, it is not possible for the healthcare industry to achieve the goals of lower costs, an enhanced patient experience, and improving population health in the absence of strong and sustainable patient engagement.

Securing PHI access for higher levels of patient engagement

Scour the internet for articles that cover patient willingness to use digital health IT tools to access PHI and you will discover that despite the industry wide effort to adopt tools that provide more convenient and faster access to medical data, few patients are actually doing so. In fact, a recent survey revealed that just 21% of respondents said they use the Web to access their health data. Meanwhile, 10% said they use e-mail and 40% view the data in person

The reason behind patient unwillingness to use mHealth tools and portals for PHI access runs the gamut from dissatisfaction with mobile health applications to challenges in finding and using instructions, data inaccuracy, and device malfunctions or data syncing issues. Furthermore, issues related to poor mHealth app and portal security have hampered more widespread adoption of these tools and stoked patient fears that their privacy could be compromised by using them.

Setting aside those with opinions that privacy can never exist in the healthcare industry, the link between patient confidence and trust that their identities and PHI are protected when using mHealth apps or patient portals is palatable and has a direct effect on their willingness to use these tools as part of their overall care.

First, it’s important to distinguish the difference between “privacy” and “security” as it applies to healthcare data. HIMSS does an excellent job of breaking down the differences:

“Privacy” is the right of an individual to make choices with respect to the collection, use and disclosure of their data; “security” is the safeguards – physical, administrative and technological – used to protect the confidentiality, integrity and availability of the data. Because the challenges are many, there is a tendency to focus on “security” in mHealth. Patient privacy cannot be achieved without adequate data safeguards; however secure devices do not necessarily preserve patient privacy. (source: http://www.himss.org/ResourceLibrary/GenResourceDetail.aspx?ItemNumber=30406

One of the largest impediments to widespread adoption of mHealth tools, portals, and other digital health platforms is inadequate mobile security policies that fail to take into account the necessity of adopting more modern patient identification tools that are commensurate to the data they protect.  For example, most healthcare providers continue to use user name and passwords to protect patient identities when using mHealth tools and portals. While these may have once been permissible security protocols in the past, these identity verification methods are now considered antiquated and should be replaced. Even though user names and passwords have proven to no longer be secure enough to protect patient identities, almost all healthcare providers still rely on their use for mHealth apps and patient portals. 

Secure PHI access requires modern patient and clinician ID technology

If healthcare providers expect patients to adopt mHealth tools and patient portals as a more convenient way to access PHI, the implementation of stronger and more secure identification technology is critical. Most healthcare security experts agree that due to the large amount of PHI data moving across provider locations via mHealth apps and patient portals, stronger security is needed to prevent data breaches if a patient’s identity is compromised. Plus, the increasing complexity of mHealth apps and their distinct ability to sync PHI data across multiple devices raises important questions about how to properly protect patient privacy  to ensure HIPAA compliance for these new tools. 

Securing PHI access is not limited to patient interactions with mHealth tools or patient portals however. A sound strategy to secure mobile and remote access to this sensitive data is required not only for patients, but also for any clinician that has access to mobile technologies. A 2014 HIMSS Analytics Mobile device study reported that:

…approximately one-quarter of US hospitals (28 percent) reported that smartphones are in use at their organization. On average, 169 devices are deployed per hospital. In comparison, 24 percent of US hospitals reported that tablet computers are in use at their organization, with an average of 37 devices deployed per hospital. (source – https://capsite.himssanalytics.org/assets/Uploads/2014-Mobile-Essentials-Brief-TOC12914.pdf)

Healthcare organizations must plan to implement a technology that has the flexibility to be used for secure patient and clinician identification, usually through a strategic combination of a strong single sign-on (SSO) platform to establish strict identification checks and provide a concrete audit trail of data access history with an enterprise-wide patient ID solution to secure remote access to PHI from mHealth apps and patient portals. The modern identification technology of choice for many healthcare providers to meet the rising demand for tighter security to access PHI is biometrics.

Lack of a strong PHI access policy can also have a negative impact on provider reputation. In a recent report on medical identity theft by The Ponemon Institute, 79% of patients surveyed said it is “very important” for healthcare providers to ensure the privacy of health records and allow them to have direct control of their health records.  

Why biometrics?

The HIPAA Privacy Rule requires healthcare organizations to secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. Once considered secure identification criteria, user names and passwords are now considered antiquated and unable to offer strong protection to secure PHI access largely due to the fact that:

  • Most patients don’t want to worry about memorizing a complex password and thus default to using a simplistic password that’s easily guessable.
  • Most patients use the same password for many accounts, resulting in one key that unlocks dozens (or hundreds) of doors.
  • Most patients don’t even keep their passwords in secret. Everything from Netflix accounts to bank accounts to web accounts to video game accounts are often shared between friends, family members, and even strangers.

The use of biometrics for individual identification poses a much more secure and flexible technology to address the pressing need for healthcare to adopt stricter PHI access security protocols. Why?

We have written extensively about the applicability of biometric patient identification to improve patient safety in healthcare. Biometrics relies on identifying patients and clinicians by who they are, rather than what they have (ID badges) or what they know (user names, passwords) which can be more easily stolen or shared. Biometric identification technology is a more secure method to identify patients in self-driven interactions by allowing them to use the camera or microphone on their smartphone or tablet and use facial or voice recognition biometrics for accurate authentication. Biometrics offers more flexibility and convenience because it has the ability to be implemented at patient touchpoints where user name and password entry would be cumbersome and inappropriate — home health settings for example.   

The use of biometrics for identification also offers a concrete PHI access audit trail, a more accurate tracking mechanism than user names or passwords which can easily be shared and often skew analytics because it’s impossible to determine the actual individual using the credentials. This is important because litigation often relies on these audit trails used in the defense of medical identity theft or healthcare fraud claims.

Conclusion

Participation in portals and the use of mHealth and other mobile apps to access PHI is a key catayst to increase patient engagement in healthcare. Patients must have the confidence in their healthcare provider that their PHI is easily accessible and protected with the strongest authentication security on the market that ensures their privacy and safety. User names and passwords are no longer sufficient authentication credentials to meet the expanding need to offer a more flexible, scalable, and more secure identification technology for mHealth apps and patient portals.

Equally important is protecting clinician access to sensitive PHI data. Protocols must be implemented that abandon user names and passwords in favor of technologies such as biometrics that are more secure, less susecptible to being stolen or shared, and leave a concrete PHI data access audit trail. 

Have questions about the use of biometrics for patient identification in healthcare? Feel free to leave a comment or question below.