Posts

medical identity theft prevention

Medical Identity Theft: How Hospitals Can Reduce Risk

medical identity theft prevention

Medical identity theft can be just as damaging to hospitals as it is to patients. Learn more about what hospitals can do to protect themselves from falling victim to medical identity theft. (Photo courtesy of Shutterstock)

Hospitals are generally considered to be a place to seek refuge — a safe haven for both employees and patients alike. Unfortunately, this isn’t always the case. Incidents of medical identity theft are becoming more and more common. Issues involving improper use and disposal of data, hacking, and theft result in not only adverse financial consequences but can also even have negative impacts on healthcare and personal well-being. Identity theft is something that every hospital needs to be aware of and prepared for — these steps can be helpful in preventing medical identity theft and ultimately reducing your hospital’s risk.

Reduce risk associated with personal patient information

The use and storage of patient’s social security numbers is the main source of vulnerability when it comes to identity theft. Data breaches and entry errors can mean that a patient’s information can fall into the wrong hands — compromising the safety of both the individual and the hospital itself. While much of the fraudulent use of patient information comes from stolen or leaked data, verbal or physical forms of sensitive patient information can also end up in the wrong hands. Hospital employees should take care to never discuss patient information in public areas, or with friends and families. In addition, physical forms including patient charts and records (even if they only contain the name of the patient) should be safely used and stored.

Ensure that secure methods are used in storage of patient health information

Every health organization should take necessary measures in order to ensure the safety and security of patient information. An investment in appropriate health IT may be costly up front, but it could end up providing endless savings — both financial, and otherwise — in the long run. Additionally, the use of a unique health safety identifier (UHSI) is a great measure to strengthen information and data security, with positive results extending all the way to the patient.

Avoid storing personal information of patients unless absolutely necessary

While many healthcare providers perceive that patient information — including social security numbers — must be stored for billing and insurance purposes, this simply isn’t the case. The storage of sensitive information (like social security numbers) isn’t always needed, and unnecessarily doing so may pose a risk for the patient and the hospital.

Dispose of patient information responsibly

Just as sensitive information should not be stored unless absolutely necessary, it is also imperative that patient information be disposed of in a responsible manner. Outdated or unused medical information, forms, and billing data should be shred or erased completely when no longer needed.

Assemble and utilize an advisory committee

In any healthcare setting, it is beneficial to have a diverse team of leaders that comes together to regularly review and assess security issues and vulnerabilities. By raising awareness and discussing perceived risks, hospital leaders can be well-informed when it comes to making decisions and implementing efforts to reduce risks and protect sensitive information.

how hospitals can prevent medical ID theft in healthcare

(Photo courtesy of Shutterstock)

Respond appropriately to issues and concerns

Not only can an advisory committee help prevent against identity theft, but the designated team of experts can be essential in addressing issues promptly and adequately. Utilization of an inventory system that tracks all processes and systems that contributed to the security breach can allow for the hospital to pinpoint the weaknesses and make necessary improvements. Once an issue is discovered, the advisory committee will be better prepared to — while looking at the data inventory — prioritize areas of concern and make adjustments that are needed.

Educate the patients themselves

As many hospitals strive to do the best they possibly can when it comes to securing patient information, actually sharing statistics and suggestions with the patients themselves can further improve the security of that information. Patients should be encouraged to keep their cards and information in a safe place and should be told to take caution when sharing sensitive details. Patient participation is crucial when it comes to combating identity theft and security tips and suggestions can be posted as signs throughout the hospital — or given to the patients in a brochure.

Medical identity theft is increasingly becoming a great threat to the safety of patients and health care providers. While there are many ways that patient information can end up in the wrong hands, there are fortunately many ways that both hospitals and patients can prevent this from happening. By working together and considering these tips, hospital staff members can ensure that the information of their patients can remain as secure as possible.

medical identity theft in healthcareAuthor bio: 

Joanna Sommer is the Senior Editor for InformedMag and is passionate about security and tech. She has been working in the home safety and security field for 5 years. Joanna loves to travel and enjoys going to hot yoga and Barre classes. She is dedicated to creating articles that both educate and help people make an informed purchasing decision.

prevent medical identity theft

Medical Identity Theft – Detection & Prevention Tips

prevent medical identity theft

Follow these simple tips to prevent the dangers of medical identity theft from jeopardizing your patient safety.

The following guest post was submitted by Ryan Moalemi. 

In this day and age, people get increasingly restless if they don’t get their daily ‘fix’ of substances. The main cause for medical identity theft is trying to get drugs which you otherwise can’t get. Drug users who are addicted to certain drugs need a special pass if they want to get those drugs. If you don’t have this pass, you cannot buy the drug.

Medical Identity Theft isn’t something that occurs rarely. Unfortunately, it’s a daily happening, and it can get pretty nasty if left unchecked. There are numerous ways to protect yourself against Medical Identity Theft, but you’ll also need to know how to react if it happens. When people are desperate, they can do desperate things, going as far as stealing your identity to buy themselves drugs. Here are some tips on how to prevent and detect Medical Identity Theft:

Medical Identity Theft – What is it?

Medical identity theft isn’t much different than regular identity theft. However, the purpose here is to buy drugs, get health care at your expense, etc. Anything related to the medical field is a reason for people to steal your identity if they can’t get what they want. Most countries don’t have pictures of patients on their medical cards which is why it can be pretty easy for people to steal your identity. Of course, there are countries where are the details are listed and available to the medical staff to prevent theft and make it easier for them to go through your details.

Protecting your Personal Information

If you want to avoid having your identity stolen, you will need to know how to protect your personal information. The first step is to keep as much information about yourself to yourself except in cases where it’s necessary to share. Don’t let too many people know all of your personal information. You can also check out some Identity Theft Protection to get even more protection. There are various measures you can take to do this, but the best thing is not to share too much.

Stay Away From Common Fraud Schemes

The most common fraud schemes involve offers which you should take instantly because it’s excellent. If you don’t take the offer, you will regret it because it won’t be good anymore. Don’t fall for these tricks no matter how good they sound. That’s exactly it – they sound too good to be true. Also, if you happen to run into a fraud scheme or an offer, be sure to check out all the information regarding the company or people issuing the offer. You want to find legitimate information. If your research comes to fruition and you find out everything is legit – the offer is legit as well. Otherwise, stay far away from that offer and turn it down.

Tips to Detect Medical Identity Theft

While there are some methods of detection which can cost you money, the most common one is simply by constantly checking your purchase history. Visit the hospital where you get your medication and ask them if there were any purchases on your account. You don’t need to do this all the time – do it only when you suspect that someone might have stolen your identity. Also, always keep receipts with you and keep track of your purchase history.

Responding to Medical Identity Theft Incidents – Checklist

The correct way to react to medical identity theft incidents is to report everything to anyone that might help you out. This involves the hospital you visit, police, etc. Also, if you already ran into problems with identity theft, it is the prime time you start keeping your private information protected. Any possible holes that you might have left out could potentially lead to additional medical identity theft. Keep copies of your medical bills, medical records and everything. This way, you’re minimizing the chances of it happening again.

Conclusion

Medical identity theft can lead to many problems if not handled. Things tend to get complicated as more time goes by so it’s best to resolve the issue immediately upon noticing that something isn’t right. Be careful of who you give your personal information to, and stay away from shady offers!

learn more about the impact of medical identity theft on patients and the dangers to patient safety

New Podcast: Medical Identity Theft – What You Should Know

learn more about the impact of medical identity theft on patients and the dangers to patient safety

Eva Velasquez, President and CEO of The Identity Theft Resource Center joined us for our latest podcast centered on the topic of medical identity theft.

The following post was submitted by Jeremy Floyd, VP of Sales with RightPatient®

Identity theft is a term used to describe all types of crime in which someone illegally obtains and uses another person’s personal data in a way that involves fraud or deception, usually for some sort of economic gain (U.S. Depar It is a devastating, horrible crime resulting in huge financial losses and often irreparable reputation damage for the victim. 

Medical identity theft is defined as the act of stealing another person’s insurance information or name in order to illegally obtain medical services, prescriptions, and file claims with an insurance provider. It is a devastating crime that could have serious repercussions for both a patient and a medical provider. Before moving on from this post with the “it will never happen to me” philosophy, you may want to invest time to educate yourself on the effect medical identity theft could have on you or your loved ones, including your children. 

Were you aware that identity theft affects approximately 15 million people in the U.S. per year? Did you know that thieves can steal your child’s social security number BEFORE they are even born to commit medical identity theft? (Wait, what?) Have you heard that more hospitals and medical centers in the U.S. are investing in biometric patient identification solutions to prevent medical identity theft at the point of service?

We had the pleasure of catching up with Eva Velasquez, CEO of The Identity Theft Resource Center about the perils of identity theft and dug into more detail about the horrors of medical identity theft during our discussion. What you will discover after listening to our brand new podcast is that identity theft can be prevented and there are a lot of resources available to consumers to assist them if they have been victimized. 

Download a copy of the podcast here and listen to it on your commute, or wherever may be convenient. Have an idea for a podcast that centers on the topic of patient safety, patient identification, revenue cycle management, or infection control in healthcare? Drop us a note at: info@rightpatient.com with your idea and a suggested guest!

We hope you enjoy this podcast and walk away a little smarter about identity theft. Many thanks to Eva Velasquez and her staff for their time and expertise!

biometric patient identificationJeremy has worked in the biometrics industry for nearly a decade and has real world experience with fingerprint, palm vein, finger vein, iris and face recognition technologies. He currently oversees the RightPatient™ Healthcare division of M2SYS Technology, including sales, business development and project management. Before taking over the Healthcare unit, Jeremy spearheaded the growth of the core biometrics division, working closely with Fortune 500 clients like ADP, JP Morgan & BAE Systems to implement biometrics in large identity management projects.

biometric patient ID in healthcare

Our Top Five Biometric Patient Identification Blog Posts of 2015

biometric patient identification in healthcare

Read through some of our most popular blog posts on biometric patient identification in healthcare during 2015

2015 was an important year of growth and innovation for RightPatient®. We started this blog two years ago to help educate the healthcare community on the importance of establishing secure, accurate patient identification in healthcare and to establish a trusted resource to help understand how the use of biometrics for patient ID has proven to be an important tool to help increase patient safety, eliminate duplicate medical records, improve revenue cycle management, and prevent medical identity theft and fraud. 

Throughout our journey, we have shared many important posts demonstrating how our hospital partners have successfully implemented biometrics for patient identification and provided real life examples of the post deployment benefits realized. Among the dozens of posts the RightPatient® team posted during 2015, the following posts were the most popular:

  1. Uniting Accurate Patient Identification with Secure Single Sign-On (SSO) to Improve Data Integrity in Healthcare: In an effort to help continue increasing patient data integrity in healthcare, we announced a new partnership with Healthcast,  the #1 ranked single sign-on solution (KLAS, 2014) to increase patient safety and secure access to patient data. 
  2. RightPatient® Prevents Healthcare Fraud at University Health SystemHealthcare fraud and medical identity theft are two rising concerns for healthcare organizations because they jeopardize patient safety, raise the cost of care, and could lead to non-reimbursable medical procedures. University Hospital in Augusta, GA recently was able to prevent healthcare fraud in their ER through the use of the RightPatient® with photo biometrics.
  3. Removing the Word “Scan” from Iris Recognition for Healthcare BiometricsFueled by Hollywood sensationalism, iris recognition biometric identification is often depicted as “scanning” a person’s eyes with visible light. The fact is, no visible light is used with iris recognition and instead of a “scan,” iris biometrics takes a high resolution digital photograph. 
  4. Identify Unconscious, Unknown Patients with Biometric Identification TechnologyThe difficulty to identify an unconscious or disoriented patient jeopardizes patient safety in healthcare. Biometric patient identification has emerged as a technology capable of identifying patients in these conditions, but did you know that not all biometric patient ID solutions have the ability to identify unconscious or disoriented patients? 
  5. Biometric Patient Identification Implementation Should Be Higher On The Priority ListDespite the fact that accurate patient identification affects so many downstream clinical and financial activities, hospitals and healthcare organizations are still not placing enough emphasis on evaluating implementation and use of this technology as a priority. 

We will continue to research and write educational and informational posts during 2016 about the rising use of biometrics for patient identification in healthcare including case studies and examples of how our technology is helping hospitals around the world to: eliminate duplicate medical records, prevent medical identity theft and fraud, increase patient data integrity, and improve patient safety. 2015 was a year of significant growth for RightPatient® as we continue working toward our mission to offer the most innovative and comprehensive patient identification solution that increases patient safety, reduces costs, improves the quality of care, and enhances the patient experience. 

Curious to know more about the use of biometric patient identification in healthcare? Is there a topic that you would like to learn more about? Drop us a message at: jtrader@rightpatient.com with your ideas and suggestions!

Thank you for being a part of our blog community!

biometric patient identification prevents healthcare fraud

RightPatient® Prevents Healthcare Fraud at University Health System

RightPatient® Prevents Healthcare Fraud at University Health System

Through the use of photo biometrics, the University Health System was able to catch a patient attempting to commit healthcare fraud in the ED.

Healthcare Fraud Jeopardizes Patient Safety and Raises the Cost of Care

Emergency Departments (ED) can be subjected to healthcare fraud from individuals without insurance seeking care, especially those with manageable chronic conditions. These patients often go to hospital EDs because they don’t have access to any source of care and in a large number of cases, attempt to defraud the healthcare system by providing different names, dates of birth, or other demographic information during registration. 

Hospital patient access staff on alert for healthcare fraud often must strike a tricky balance of ensuring a patient receives timely care with the need to identify and prevent these individuals from illegally obtaining medical services that could raise liability and possibly harm the patient.

Patients who may be trying to defraud the system can raise the cost of care for all of us with most of the cost to treat these individuals passed on to insurance providers that raise premiums to subsidize care provided to the uninsured. It’s a persistent problem in healthcare that jeopardizes patient safety.

Medical Identity Theft and Healthcare Fraud are Persistent Patient Safety Problems in Healthcare

The National Health Care Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year. The Ponemon Institute released a study earlier this year that reported a 21.7% increase in medical identity theft cases since the previous year’s study.

A costly and often complex and time consuming issue to resolve, healthcare fraud and medical identity theft often financially decimate victims and healthcare institutions and can have a ripple effect that negatively impacts provider reputation. Add to that evolving patient expectations that healthcare providers are taking the necessary steps to protect their identities and ensure the privacy of their protected health information (PHI), and it’s clear that this is a festering problem in the industry that deserves immediate and swift preventative action.

Implementing Biometric Patient Identification to Identify Potential Healthcare Fraud

When University Health System staff sat down to address the problem of healthcare fraud and began to assess patient authentication technology options that had the potential to prevent it, they decided to deploy RightPatient® biometric patient identification as part of an overall strategy to increase patient safety, eliminate duplicate medical records, and prevent medical identity theft and fraud throughout their network. Using photo biometrics as their preferred modality, University launched the RightPatient® patient identification system in the summer of 2015 at both hospitals in their network and began registering patients and linking their unique biometric credentials to a single electronic health record (EHR).

Thusfar, the deployment has been a resounding success, with over 99% of patients opting in to ensure the safety and privacy of their PHI. University placed a great deal of emphasis to ensure their staff understood why the RightPatient® solution was implemented and meticulously trained patient access personnel on how to properly use the system prior to launch.

Their efforts paid off.

Recently, a patient was registered through the ED in the RightPatient® system, and then returned to the same ED days later claiming a different date of birth and a different last name. Following hospital registration protocol, the patient access representative took the patient’s photo with an iris camera and the RightPatient® system immediately flagged the patient’s medical record and instantly notified staff that the patient had previously enrolled with their biometric credentials already linked to another unique EHR. University staff then realized that the patient was attempting to assume another identity and took action to prevent it.

Even if this patient had enrolled in the RightPatient® biometric patient identification system at another location within University’s network, they still would have been flagged as a potential fraud case if they returned to a different facility due to the fact that RightPatient® seamlessly integrated with University’s Epic EHR system and can be used at any point along the care continuum, regardless of the patient’s physical location within the network (RightPatient® can even be used to authenticate an identity on patient portals and mHealth applications!).

Conclusion

The persistent and dangerous problem of medical identity theft and healthcare fraud is a direct threat to patient safety but also has repercussions that impact many other facets of care delivery. Implementing modern patient identification technologies that have the unique ability to prevent healthcare fraud should be a key goal for any medical facility set on improving safety, lowering liability, and raising the quality of care. The University Health System case clearly demonstrates that RightPatient® deters medical identity theft and healthcare fraud throughout the care continuum by linking a patient’s unique biometric credentials to one medical record.

Thank you to the staff at University for allowing us to share this story with our community!

photo biometrics stopped healthcare fraud

RightPatient® Helps Hugh Chatham Memorial Hospital Fight Healthcare Fraud

photo biometrics for patient identification prevents healthcare fraud

Hugh Chatham Memorial Hospital recently used photo biometrics to prevent healthcare fraud.

Prescription Drug Abuse 

Eliminating fraud is a pressing issue in healthcare that continues to threaten patient safety. The FBI states on their Web site: “With no signs of slowing down, healthcare fraud is a rising threat, with national health care expenditures estimated to exceed $3 trillion in 2014 and spending continuing to outpace inflation.” (source:  https://www.fbi.gov/about-us/investigate/white_collar/health-care-fraud). On average, healthcare fraud accounts for 10% of our nation’s annual healthcare expenditure.

One form of healthcare fraud seen in emergency departments at hospitals around the country is individuals attempting to commit identity theft in order to obtain prescription medication.With approximately 8.76 million people in the U.S. abusing prescription medication (source: https://www.columbusrecoverycenter.com/prescription-drug-abuse-in-america/) and the lion’s share of those medications coming from a doctor’s prescription, medical facilities are proactively stepping up their efforts to implement stronger patient identification safeguards to ensure that the problem is addressed. After all, many patients may not understand the health dangers and risks of someone stealing your identity and inaccurate health data being attributed to your medical record – it is extremely dangerous and could result in serious injury, even death should a clinician act on incorrect protected health data (PHI) in your medical record. 

Just how bad is the problem of prescription drug abuse in the U.S.? Consider the fact that every day in the United States, 44 people die as a result of prescription opioid overdose. Fortunately, there are tools available to catch identity fraud at the point-of-service in hospitals before harm is done.

Using Photo Biometrics to Deter Healthcare Fraud

Hugh Chatham Memorial Hospital implemented the RightPatient® patient identity management solution using photo biometrics to help support patient safety, eliminate duplicate medical records, and prevent and deter medical identity theft. Recently, a patient arrived at the Hugh Chatham Memorial Hospital emergency room seeking treatment for an injury that according to the patient had just occurred in the prior hour. The patient signed in under a fraudulent name, date of birth, address, invalid marital status, a disconnected phone number, invalid employment status, fraudulent emergency contact, and an invalid social security number. The patient proceeded with registration, and signed all admission paperwork under the fraudulent information.

During the registration process, the registration clerk used the RightPatient® photo biometrics solution to enroll the patient since this was (according the patient) the first time they had ever been to the hospital. The RightPatient® system worked just as it was designed, sending the registration clerk an alert that indicated the patent had been previously enrolled and that their biometric credentials had already been linked to another unique electronic medical record, providing the medical record number the patient had been registered under.

The clerk was then able to access the medical record the patient had been previously registered under and after review, Hugh Chatham was able to see other visits for that same day in other clinic/practice locations. A decision was made to contact local authorities.

Thanks to the RightPatient® software and the efforts of this staff member, Hugh Chatham Memorial Hospital was able to securely identify the patient, avoid duplicate medical records, prevent identity theft and associated healthcare costs, and help maintain a safe environment for patients. 

Conclusion

Encouraging healthcare facilities to implement safeguards that ensure accurate patient authentication through technologies such as photo biometrics has been our mission since we founded RightPatient®. We will continue to share our success stories with others to help educate and inform in the overall effort to remove fraud and increase patient safety in healthcare.

Have a story on how the use of biometrics prevented a potential case of healthcare fraud? Please share it with us in the comments!

mhealth requires strict patient identificaiton

UCLA Breach Reinforces Importance to Protect Patient PHI

mhealth requires strict patient identificaiton

The recent UCLA data breach is a strong reminder that healthcare organizations should consider the use of biometrics such as facial or voice recognition to protect patient PHI on mobile devices and patient portals.

It’s probably unfair to say that the recent UCLA Medical Center data breach that potentially exposed the personal health information (PHI) of 4.5 million patients was a wake up call for the healthcare industry to implement tighter data security protocols. In fact, it wasn’t a wake up call at all.

Healthcare data breaches have proliferated over the last five plus years, and the Health and Human Services (HHS) public “wall of shame” list of healthcare data breaches involving 500 or more individuals is…well….let’s just say a tad crowded. Since HHS began the list in 2009, 1,265 breaches exposing the records of nearly 135 million people have made the list. Ouch. The UCLA data breach isn’t groundbreaking news, it is simply another chapter in the long novel of healthcare data breaches that have placed millions of patients at risk by exposing their PHI and in some cases, social security numbers and personal demographic information. 

The UCLA breach also foreshadows rising demand for tighter security protocols to protect PHI from unauthorized access on patient portals, mobile devices, and other new touchpoints. This rise of additional patient touchpoints to access PHI has vaulted establishing tighter security controls into the spotlight beyond traditional means of authentication. History has shown that username/password-based security is inadequate on mobile devices, yet healthcare organizations continue to adopt technology that uses this method to authenticate patients. Considering the high stakes to protect patient PHI, the UCLA data breach wasn’t a wake up call – it moved the needle to protect patient PHI to Defcon 1. 

The HIPAA Privacy Rule mandates that healthcare organizations secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. The introduction of touchpoints such as patient portals and mobile devices changes the dynamic of protecting patient PHI because it demands adopting strategies that include using modern patient identification systems yet many healthcare organizations continue to rely on antiquated security solutions.  

Healthcare organizations must now consider patient identification systems that can address accurate authentication at each and every touchpoint along the care continuum, far beyond simply implementing technology that covers patient ID at office visits. 

Implementing accurate patient identification when accessing PHI from mobile devices and patient portals must balance strong security with convenience and speed, which is why technologies such as facial and voice biometrics are gaining popularity. The use of biometrics to protect patient PHI is a smart investment, especially if healthcare organizations deploy a solution that offers the flexibility to be used during hospital/office visits and on each and every touchpoint a patient now has the ability to utilize as a means to access health data. Biometric patient identification solutions offer stronger security than user names and passwords and have proven to be more efficient and convenient by eliminating the need and frustration to remember multiple login credentials.

As we experience a sharp rise in patient driven interactions within the healthcare system that offer more avenues for criminals and hackers to access PHI, it is critical that healthcare organizations implement modern identification solutions that have the ability to better protect this information. Biometrics to protect patient PHI is quickly gaining attention as a security solution that can serve this need. Although it’s impossible to determine whether or not biometrics could have helped prevent hackers from obtaining access to protected patient PHI in the UCLA data breach, the use of this technology can help to offer a secure layer of protection that can deter hackers from even attempting to try.