Preventing Medical ID Theft Can Combat the Effects of Healthcare Data Breaches

September 14, 2021/5822 views / 0 Comments/in BLOG, Data Breach, Data Integrity, EHR, healthcare, Medical Identity Theft, Patient Identification, Patient Outcomes, Patient Safety /by Matt Gibson

We talk about a lot of healthcare topics regularly on our blog but the most common one is healthcare data breaches. That’s because hackers are targeting healthcare providers every day to steal patient information – leading to much too frequent data breaches. Unfortunately, today is no different as we take a look at some recent data breaches and how some of the hospitals are responding. However, the consequences of most data breaches, medical ID theft, CAN be mitigated with accurate patient identification, ensuring safety in healthcare facilities – more on that later.

Healthcare data breaches update

Over 3 million patients’ information was exposed this August

It’s frightening how both the number of data breaches and patients at risk from them keep on increasing. Just last month, over 3.3 million patients’ confidential and sensitive information was exposed due to data breaches at hospitals and health systems, as per HHS’ breach portal.

Out of them, St. Joseph’s/Candler Health System identified around 1.4 million patients’ information at risk, University Medical Center of Southern Nevada saw 1.3 million, and over 637,000 patients’ information was compromised at UNM Health.

Over 600,000 patients’ information exposed

DuPage Medical Group identified unauthorized activity on its computer network – resulting in shutting down access to it. However, around 600,000 patients’ information was put at risk due to unauthorized activity. Information such as names, dates of birth, addresses, Social Security numbers, and diagnosis codes was exposed. As is standard with healthcare providers, the group is providing complimentary services to the affected patients.

More than 171,000 patients at risk of being medical ID theft victims

Metro Infectious Disease Consultants, a physician group of over 100 physicians, identified that over 171,000 patients’ data was exposed due to hacker(s) breaching employee email accounts. After a thorough investigation, the physician group came up with the aforementioned number, secured the employee email accounts, and saw that names, date of birth, Social Security numbers, and medical information was exposed. It also announced that the affected patients will be offered complimentary services.

Around 12,000 patients’ information exposed due to a phishing attack

One of the most common methods used by hackers is phishing, and that’s how one of them hacked Revere Health and got access to around 12,000 patients’ information. To prevent it from happening further, Revere Health is sending “phishing” emails to test their employees and provide the ones who click on it with training – quite an innovative approach.

Medical ID theft is the common consequence of data breaches

Hackers can sell stolen patient information for up to $1000 in the black market, which is why it’s so lucrative for them and the reason for so many healthcare data breaches we read about every day.

Fraudsters buy these stolen patient records from the hackers and then get healthcare services using the victims’ information, but there’s more to it.

Since the fraudsters are being “treated” using the medical records of the victims, the EHRs contain someone else’s information, rendering them corrupt, dangerous, and unusable. If these corrupt records are not prevented or detected immediately, then the actual patient will be receiving the wrong medical care – making it extremely dangerous for them. Moreover, the patients will be receiving bills for healthcare services they never got.

Healthcare providers, on the other hand, might get hit with lawsuits, not receive the payment, and face patient safety incidents.

While data breaches seem inevitable, the most common consequence (medical ID theft) can be mitigated with RightPatient – improving patient safety in the process.

RightPatient prevents medical ID theft in real-time

One of the biggest reasons why fraudsters get away with committing medical identity theft is because most hospitals and health systems cannot ensure accurate patient identification. Fortunately, RightPatient is a touchless patient ID platform that has a vast amount of experience identifying patients accurately and can prevent medical identity theft in real-time.

During the registration process, patients only need to look at the camera – RightPatient attaches a photo of the patient with their EHR. When the fraudster arrives to access services, they’ll need to go through the same process, and since they are not the actual patient of the hospital, their EHR will not be verified. The platform will alert the registration team that the fraudster actually isn’t the patient – preventing medical identity theft in real-time.

RightPatient has been successfully preventing medical identity theft, protecting millions of patient records across different hospitals, and ensuring patient safety for years. If you want to do the same at your healthcare facility, contact us now to learn more about how we can help you.

How to Protect Patient Information as Data Breaches Become a Topmost Concern

August 25, 2021/5880 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, Data Integrity, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Safety /by Matt Gibson

We’ve talked about data breaches in hospitals and health systems more times than we can count. Unfortunately, these unwanted incidents just keep on happening, and even when the pandemic was at its peak, hackers didn’t stop. Thus, it isn’t a surprise that many healthcare executives are wary about cyberthreats that loom in the dark, just biding their time and waiting to attack more hospitals and steal patient information. That being said, let’s take a look at some recent cyberthreats faced by hospitals, what healthcare execs are saying, and how to protect patient information even if there is a data breach.

Most healthcare experts are worried about cyber threats

Let’s take a look at some of the recent worrying trends in health IT, according to some respected healthcare executives.

Half of them stated that the frequency of cyber-attacks on healthcare facilities is one of their primary concerns now – let’s explore the issue in detail.

Out of these execs, one of them expects that this will continue to be a huge problem for the foreseeable future – a worrying but accurate prediction, unfortunately.

Another exec stated that such cyber-attacks put patient data, arguably one of the most sensitive pieces of information available within hospitals, at huge risk. We’re inclined to agree, as most data breaches end up with hackers stealing patient information and selling it to fraudsters who commit medical identity theft down the line. Many caregivers, as a result, are searching for answers to the billion-dollar question – how to protect patient information.

Another exec stated that cyberattacks are rapidly evolving as hackers come up with innovative ways to attack and lock or steal patient information – something quite challenging to keep up with.

One of the execs that is worried about cyber-attacks stated that hackers and these issues hinder them from doing their jobs properly, which is to care for their patients. He also stated that effective cybersecurity practices and far more assistance are required to tackle cybersecurity and keep costs in check.

Another of these execs predicts that more hospitals and health systems will be focused on improving some aspects such as better integration between platforms, patient consumerization, and strategies that help with cybersecurity efforts.

However, not all healthcare executives chose cyber-attacks as their primary worries.

Others chose:

The boom of startups that give unrealistic expectations, taking up a lot of money from investors.
Mergers and acquisitions.
Mandates about sharing health information that are quite unclear and might be detrimental.
Clinician burnout due to EHR coding, among other issues.
Ensuring equity during telehealth visits.

While all of them are quite valid concerns, the biggest concern is how to protect patient information effectively – healthcare data breaches are occurring as we speak.

Hospitals must protect patient information effectively as data breaches are rampant

On the 15th of April, a phishing attempt was successful – unauthorized individual(s) got access to login credentials of an employee of Orlando Family Physicians. After a thorough investigation, it was found that three other employee accounts were accessed. While the access has been revoked, over 447,000 patients were exposed, such as names, health insurance data, Social Security numbers, and more. This is just a classic case of data breaches – something that has been repeating itself for several years in many hospitals and health systems.

Fortunately, as we mentioned at the beginning of the article, doing something about protecting patient data and preventing medical identity theft IS possible – let’s see how to protect patient information even if there is a data breach.

How to protect patient information with RightPatient

RightPatient is the leading touchless patient identification platform trusted by responsible hospitals and health systems for several reasons. Firstly, it ensures accurate patient identification starting from appointment scheduling and at any touchpoint across the care continuum. Secondly, it is easy-to-use, safe, and hygienic, as the interactions are contactless – something that is extremely valuable in a post-pandemic world. Thirdly, it protects patient data and blocks fraudsters during identity verification – preventing medical identity theft in real-time.

During the registration process, the patient just needs to look at the camera – the photo taken is attached to their medical record, essentially “locking” it from being meddled with by fraudsters. When the patient returns for future visits, all the patient needs to do is look at the camera – RightPatient automatically runs a search and presents the appropriate EHR when it finds a match between the saved photo and the patient’s live image. Any fraudster attempts will be red-flagged by RightPatient during this process – stopping medical identity theft in its tracks.

How are YOU protecting your patients’ information?

4 Promising Health IT Practices That Improve Patient Outcomes

July 1, 2021/6474 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, EHR, Patient Data, Patient Errors, Patient Identification, Patient Safety, Telehealth /by Matt Gibson

The pandemic, when it hit the U.S., spurred its healthcare providers to adapt to the rapidly changing landscape it forced on everyone. Hospitals and health systems had to search, come up with, and implement drastically different practices that many experts thought weren’t possible. Just look at telehealth – its future was quite uncertain. However, during the pandemic, both its popularity and usage skyrocketed as hospitals and health systems relied on it to provide care to non-critical patients without risking the latter’s safety. That’s just one example – there are similar promising health IT practices that are trending and set to grow in the future and improve patient outcomes in the process. Let’s take a detailed look at some of the more popular health IT practices that can improve quality and safety in healthcare facilities.

4 trending health IT practices that help improve patient outcomes

The increased role of IT teams

As the pandemic forced healthcare providers to switch from in-person visits to virtual ones, implement practices to aid remote work, and ensure that data management is accurate, it was the IT teams’ responsibility to ensure that everything went smoothly. Moreover, cybersecurity attacks were higher than ever since providers already had their hands full.

CIOs and their IT teams not only had their hands full during the pandemic but they also had added responsibilities and expanded roles to play. As COVID-19 cases are decreasing, healthcare providers are aiming for a different approach to providing better and safer healthcare services to improve patient outcomes in the process. As a result, CIOs and relevant IT personnel are in huge demand.

Talking about cybersecurity, let’s move on to the next point.

A much-needed focus on ramping up cybersecurity

As previously mentioned, hackers had upped their game last year. While many hackers had promised not to attack healthcare due to the unprecedented crisis, not all hackers shared the same sentiments. Unfortunately, many of them did attack while healthcare providers had their hands full with COVID-19 cases. This not only led to them stealing patient information and selling it to fraudsters on the dark web, but many incidents also disrupted healthcare operations. In fact, the IT systems of many hospitals were rendered unresponsive or slow as the information within the systems was locked and not available for use.

So, what did healthcare providers do to mitigate the issues?

Well, many of the hospitals saw what their contemporaries were going through and opted for better cybersecurity practices. While getting a new cybersecurity solution includes several impediments, hospitals opted for simpler solutions. For instance, many had cut off access to external emails whereas others focused on stricter screening of external emails.

However, while data breaches seem inevitable and as most caregivers cannot upgrade their cybersecurity solutions due to various reasons, they CAN prevent the endgame of most data breaches – medical identity theft. For instance, RightPatient prevents medical identity theft in real-time by identifying fraudsters during the registration process. The patient identification platform can prevent fraudsters from accessing services even if the data is breached, reducing litigation costs.

With cybersecurity attacks at an all-time high, it looks like healthcare providers are thankfully changing their approach and are working to rectify security gaps by providing better training to employees regarding cybersecurity practices, going for a proactive approach rather than a reactive one, and by hiring competent security professionals – helping enhance patient outcomes in the process.

Expanded telehealth usage

Is the rapid growth of telehealth even surprising at this point?

Before the pandemic, telehealth didn’t have a bright future. Apparently, it has been around for a long time, but experts were busy talking about its demerits, patients were wary of it, and there was a lack of consistent interest. As a result, telehealth was collecting dust, figuratively speaking. However, the pandemic changed everything – it showed how useful telehealth was. As regulations were relaxed around telehealth, it helped reach more patients and provide care to the non-critical ones, rapidly expanding its userbase.

Telehealth was one of the most trending health IT topics last year, and it still is reigning, as many actually prefer telehealth over in-person visits now and have said they will continue to use it even after the public health emergency is over.

Many healthcare providers, as a result, are going for a hybrid approach. They are planning to offer both in-person and virtual care, providing the best of both worlds to their patients. Not only will this help increase patient satisfaction, but it will also speed up processes and keep the patient volume down during in-person visits, something that’s quite necessary as the pandemic is not over yet, helping improve patient outcomes.

Utilizing contactless solutions can improve patient outcomes

There’s always been growing interest in contactless solutions for any given industry, but the pandemic has pushed it to the forefront – virtually everyone knows the risks of physical contact now. Therefore, many are developing contactless solutions for healthcare facilities that can reduce hospital-acquired infections and improve patient safety. However, did you know that such a solution has been in use for several years in many hospitals and health systems?

RightPatient, our touchless biometric patient identification platform, has been serving several healthcare providers for years, and it only requires patients to look at the camera. The platform does the rest and provides the accurate EHR to the registrar – improving patient safety, preventing duplicates and overlays, and reducing medical errors in the process. As previously mentioned, it also helps prevent medical ID theft in real-time by red-flagging fraudsters during the registration process.

That was just an example of how a touchless solution has been transforming patient safety in several ways – there are more solutions on the way that can improve patient outcomes and boost the bottom lines in the process.

Patient Data Protection Is One of the Topmost Priorities in a Post-Pandemic World

June 18, 2021/6312 views / 0 Comments/in BLOG, Data Breach, Data Integrity, EHR, healthcare, Medical Identity Theft, Patient Identification, Patient Outcomes, Patient Safety /by Matt Gibson

COVID-19 has changed the fabric of reality for the entire world. While it has spread like wildfire and ravaged the entire world for more than a year, its effects are waning in the U.S. thanks to millions being vaccinated. However, the notorious virus has impacted virtually everything, and arguably, it affected healthcare the most. Not only did it make hospitals overflow with patients, but it also led to new challenges for hospitals – keeping hospitals clean, reducing hospital-acquired infections, and preventing compromised patient information. While we’ve focused on infection control in hospitals a number of times, let’s take a look at how COVID-19 impacted patient data, why hackers are after it, and how patient data protection can be ensured.

Patient data protection took a backseat during the pandemic

The U.S. healthcare system has always had several issues that restricted it from reaching its full potential – one of which is inadequate patient data protection. COVID-19, unfortunately, made it worse and introduced brand new challenges for hospitals and health systems – let’s see how.

COVID-19 forced entire sectors of the population to work from their homes and stop commuting. As a result, organizations had to adopt remote working policies in order to survive. While frontline healthcare workers didn’t have the luxury to work from their homes, many healthcare workers were able to work remotely. Many of these employees handled patient information, and as they worked from home, they used various devices to access, transmit, receive, and work on sensitive patient information.

The problem here is that prior to the pandemic, such patient information was only accessible using devices, networks, and tools authorized by the organization – ensuring an adequate level of patient data protection. However, to ensure hospitals and clinics could continue operating, many rules were relaxed by organizations – some of which are these stringent device policies.

As a result, patient data security was substantially compromised by sizable healthcare providers. Even without the relaxed rules, it would have been a nightmare to track who accessed the information using their personal devices – there are just too many complications involved.

How secure is patient data currently?

However, several hospitals have opened their doors to patients, for in-person visits, and more. But even in those hospitals, many healthcare workers are still working remotely, meaning that patient data protection is still at considerable risk due to unsecured networks, personal devices, etc. Moreover, healthcare providers have had their hands full with COVID-19, not to mention that numbers of data breaches have increased significantly – you can just google it and see how many patients are at risk.

But why are hackers so determined to cause breaches to steal patient information?

Patient data is heavily targeted by hackers

Well, healthcare providers have many restrictions – one of which is very meager budgets to upgrade their cybersecurity measures. As a result, they are quite vulnerable to breaches. Other than being a relatively easy target, stealing patent information is extremely profitable for hackers – they can sell each record for up to $1000 in the black market! The buyers impersonate the patients and since there’s no effective patient identity verification system present for all healthcare providers, many of these fraudsters get away with it. Many hackers are even holding the data and demanding a ransom to not leak or sell it online.

Healthcare providers are having quite a tough time. Before the pandemic, they had a plethora of issues, during the pandemic, pandemonium reigned. And after the pandemic, rising data breaches are among the existing issues.

However, if healthcare providers focus on accurate patient identification, they can solve several problems – let’s see how.

Protect patient information with accurate patient identification

Accurately identifying patients solves a number of issues. For starters, patient misidentification itself is a huge but overlooked issue – caregivers rally each year for a patient identifier. Accurate patient identification prevents duplicate medical records right from the start, prevents claim denials, ensures that the right patient is receiving the treatment, enhances healthcare outcomes, and improves patient safety too. All of these lead to improved goodwill, lower patient safety incidents, and better bottom lines. RightPatient is the leading touchless biometric patient identification system that checks all the boxes above and has even more benefits , but how does it protect patient data?

Well, RightPatient uses a database of patients’ faces to validate their identities. When fraudsters attempt to impersonate the patients, even if the data is breached, RightPatient detects the difference between the live photo and the one saved during registration. It easily red-flags the fraudsters, prevents medical identity theft in real-time, and protects patient data in the process.

RightPatient has been proudly protecting millions of patient records in several healthcare facilities for years – are you protecting your patients’ information and ensuring their safety?

Protecting Patient Data Is Crucial – 2.7 Million Patients Were Affected this May

June 16, 2021/6233 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, Data Integrity, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Safety /by Matt Gibson

Even before the pandemic, protecting patient data has been a big headache for most healthcare providers. This is mostly because cybersecurity measures employed by most hospitals are not state of the art, which means hackers constantly attempt to break in and steal patient data, many cases ended up in lawsuits, and cost hospitals a lot of money as well as cause patient safety issues down the line. However, during the pandemic, there have been cases of data breaches, and just last month (May), around 2.7 million people were affected by them collectively. Let’s take a look at how some of these happened, how most of these cases lead to medical identity theft, and how the latter can be stopped in real-time with a positive patient identification platform.

Some very recent data breach cases that show protecting patient data is crucial

While ransomware has been a major component of data breaches in recent times, phishing and other tactics are also used and are still some of the primary tools employed by hackers during breaches. Let’s take a look at some of the recent cases that have been filed in May – you can view the full list here.

HPSJ’s email breach affected over 420,000 medical records

Health Plan of San Joaquin suffered a breach that occurred because unauthorized personnel had gained access to the provider’s email system. This occurred back in 2020 and, after inspection, it was discovered that this affected a number of official emails. While password reset was mandated on the accounts, it might have been too late, and it was found that this happened between the end of September and the middle of October last year. Moreover, after a thorough review, it was detected that over 420,000 patients’ information was compromised, and it included names, addresses, SSNs, and more. While it has been said that there has been no misuse of the information yet, HPSJ itself is being cautious since it knows that the breached information might be used in the future for medical identity theft.

Arizona Asthma and Allergy Institute suffered a breach that compromised 50,000 patients

This one is a bit vague since there is no concrete information as to how it happened. However, the Arizona-based institution has stated that PHI (protected health information) of up to 50,000 individuals was “temporarily exposed online” under the name of a different organization back in September 2020.

It took till March 8 2021 to uncover that sensitive information was compromised including – last names, healthcare provider names, health insurance information, and patient identification numbers.

Just like the last case, there is no hard evidence that the compromised information has been misused – yet. However, the institute has notified affected patients to monitor their statements for fraudulent activities arising from medical identity theft.

These were just two examples – around 35 hospitals and healthcare organizations such as Arizona Asthma and Allergy Institute, CareSouth Carolina, New England Dermatology, and more, were hit by similar breaches, affecting around 2.7 million individuals! This clearly shows how many people data breaches can affect and how they are becoming increasingly common and inevitable. But why are hackers focused on data breaches and why do they target healthcare?

Data breaches – why target healthcare and what happens next

Well, hackers typically steal information in order to sell it in the black market, and in the U.S. the most profitable information is medical records. You see, stolen patient information can be sold for up to $1000. Compared to selling stolen credit card information, that’s a lot, which is why more hackers focus on healthcare. Moreover, healthcare providers have a lot of constraints which prevent them from utilizing the best cybersecurity practices, leading to data breaches.

After the breach, when the hackers try to sell off the information on the black market, there are many individuals who are willing to buy it. Since buying the information for $1000 is cheaper than paying for their own healthcare, many fraudsters find this feasible. Afterward, they pose as the patients when they go to the hospitals. Unfortunately, as these fraudsters are armed with the information and since there’s no accurate patient identifier used by the caregivers, most of these bad actors get access and avail healthcare services fraudulently.

Protecting patient data is possible even after a breach

While most healthcare providers focus on protecting patient data before data breaches, others utilize innovative solutions to protect it after breaches too. Most of the fraudsters can be red-flagged and medical identity theft can be prevented if a proper patient identification platform is used, and that’s exactly what RightPatient does.

Whenever fraudsters come in, they need to verify their identity, and RightPatient validates that by comparing the live photo with the saved one. When it detects that the fraudster’s face does not match with the saved one, it red-flags them, preventing medical identity theft in real-time.

RightPatient prevents medical identity theft, reduces denied claims, ensures accurate patient identification, enhances patient safety, and more – would your facility benefit from this solution to protect patient information and prevent millions in losses?

4 Strategies Hospitals Use to Prevent Medical Identity Theft Cases

November 20, 2020/10567 views / 0 Comments/in BLOG, Data Breach, healthcare, Medical Identity Theft, Patient Data, Patient Errors, Patient Identification, Patient Outcomes, Patient Safety /by Matt Gibson

The US healthcare system has been plagued with several issues over the years. The lack of price transparency, interoperability issues, sky-high prices, and the lack of a standardized patient identifier are just some of them. One of the more concerning, and increasingly common, issues is medical identity, affecting more and more healthcare providers and patients. While providers are already facing huge losses due to the pandemic, they need to mitigate them by reducing preventable costs. One viable solution can be to reduce medical identity theft cases, and doing so will bring several benefits.

Let’s take a look at how medical identity theft happens, how common it is, and some strategies that can prevent it and mitigate losses.

How do medical identity theft cases happen?

Medical identity theft can occur in many ways, but it can usually be traced back to stolen patient information or records – a consequence of healthcare data breaches. There’s a reason why medical identity theft cases are so common: hackers are focusing more on healthcare data breaches because stealing and selling patient information is quite lucrative.

After a hospital suffers a data breach, the hacker(s) then tries to sell the stolen patient information on the black market. Unfortunately, there are many buyers available for many reasons, and they are also willing to pay high prices – up to $1000 per record!

After buying the stolen patient data, the fraudster assumes the identity of the patient. This can happen within healthcare facilities as well as during telehealth sessions (which are surging in popularity right now).

The majority of hospitals have no effective patient identifier and therefore they fail to red flag the individual, leading to medical identity theft. The scammer then illegally uses the victim’s credentials to obtain prescription drugs, medical equipment, and healthcare services, charging the victim for the services. Not only that, but since the fraudster uses the medical record, their information will be recorded within the EHR (Electronic Health Record) and can lead to patient safety issues down the line.

While that was a simple example, many complex medical identity theft cases are occurring almost daily.

Is medical identity theft common?

The numbers don’t lie –more patient records were breached in 2019 compared to the prior three years combined! Moreover, 9.7 million patient records were affected by data breaches this September. There’s no doubt that the majority of these patient records will be used for medical identity theft, as experts are also predicting a sharp increase in the near future.

Hospitals must ensure that they are preventing medical identity theft cases to guarantee patient safety and reduce associated litigation costs. Let’s take a look at some strategies that can help prevent medical identity theft and all of its consequences.

4 strategies hospitals can use to prevent medical identity theft cases

Follow the rules and regulations

First and foremost, the healthcare facility must ensure that they are properly following the rules. For instance, HIPAA mandates that there should be some technical, administrative, and physical safeguards present to protect patient information, known as PHI (Protected Health Information).

While this might seem like a straightforward strategy, a lot of healthcare providers fail to ensure HIPAA compliance. This not only leads to data breaches and medical identity theft down the line, but also incurs HIPAA penalties. HIPAA itself is a multi-layered and complex law that requires continuous effort to ensure compliance.

Fortunately, healthcare organizations can use HIPAA Ready, a robust HIPAA compliance software, to reduce the administrative burden. It streamlines HIPAA compliance, ensures training management, keeps all the HIPAA-related information in a centralized location, and also helps conduct internal audits.

By ensuring HIPAA compliance, healthcare organizations can detect security gaps and address the vulnerabilities, mitigating data breaches and, in turn, medical identity theft.

Devise a policy to enhance security

As previously mentioned, HIPAA has several requirements and requires that networks and devices are secure at all times. To do that, hospitals must come up with and follow a strict device policy so that sensitive patient information is not leaked inadvertently. While a BYOD (bring your own device) practice might be more flexible, it will inevitably lead to data breaches and leakage of sensitive information.

Thus, the following tips will help enhance security:

Only allow official devices for storing sensitive information
Only allow logging into secure networks
Encourage usage of VPN
Ensure data encryption at all times
Keep logs of access requests to track any suspicious activity

Train employees regularly

Staff members such as registrars and nurses are the ones who regularly access patient data. Training them will provide them with the knowledge to avoid suspicious emails, as that is the primary weapon of hackers. Moreover, providing regular training – especially if it includes information on recent data breaches – can be beneficial. As previously mentioned, HIPAA Ready can help with training management.

Ensure accurate patient identification

Even if a data breach occurs, medical identity theft can be prevented if healthcare providers can red flag the fraudster during identity verification. That is exactly what RightPatient does.

RightPatient is the leading touchless patient identification platform used by several caregivers. It verifies identities by using patients’ photos. After scheduling appointments, patients need to provide a personal photo and a photo of their driver’s license. The platform matches them and verifies their identity remotely, red-flagging fraudsters. This system is ideal for telehealth sessions.

During inpatient visits, the scammer is red-flagged when the platform identifies that their face does not match the saved photo attached to the medical record, preventing medical identity theft in real-time.

Healthcare Data Breach Cases Lead to Medical Identity Theft – How Are You Protecting Patients?

October 28, 2020/8601 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Outcomes, Patient Safety /by Matt Gibson

Anyone who knows about the US healthcare system also knows that it has always been riddled with issues, even before the COVID-19 pandemic hit. Astronomical costs, the lack of price transparency, and the insurance system are not the only problems. Poor healthcare outcomes, preventable medical errors, medical identity theft, duplicate medical records, and lack of interoperability also plague healthcare facilities across all states. While we have covered many of these topics at one point or another, this time we will focus on healthcare data breach cases. Let’s take a closer look at recent healthcare data breaches, why providers are being targeted so frequently, how they generate medical identity theft, and how healthcare providers can protect patient data even after breaches.

Healthcare data breaches are becoming increasingly common

When the pandemic hit the US healthcare system, many hackers had pledged that they won’t attack healthcare providers and steal patient information – something that was unprecedented. However, not all of the hackers shared the same mindset, and there have been many healthcare data breach cases over the past few months. As a result, healthcare providers are having to fight multiple battles at the same time. Let’s review two of the recent attacks.

UHS reportedly suffered a huge breach

Pennsylvania-based Universal Health Services, a health system that consists of 26 hospitals, suffered a breach. On the 30th of September, they stated that some of the systems had been recovered. While there are no specifics as to how many patients were affected, the health system was forced to go offline on all of its locations to reduce the risks. However, it is working tirelessly to restore the affected systems.

Ashtabula County Medical Center

The Ohio-based medical center also suffered a cybersecurity attack on the 27th of September which forced it to cancel procedures.

What are healthcare providers saying regarding data breaches?

Many are stating that healthcare data breach cases are becoming quite common and they need better cybersecurity measures to reduce these unwanted events. While cybersecurity has always been a concern of CIOs and IT leaders, the budgets don’t allow them to realize their visions of having breach-free health systems. Moreover, they are expecting even more data breaches in the future, as they don’t see data breaches going away anytime soon. Sadly, the problems do not end here.

Healthcare data breaches generate medical identity theft

Data breaches are huge nightmares for any healthcare provider. The worst part is that they’re inevitable, and even the biggest health systems can be vulnerable – hackers are constantly uncovering new strategies to attack and steal patient information.

After stealing the patient information, fraudsters buy it from the black market and they assume the identities of the patients. Not many healthcare providers have effective patient identity management systems, so scammers can easily pass themselves off as the patients, since they have their credentials. If providers use effective patient identification platforms, they can prevent medical identity theft in real-time. Thus, while data breaches are inevitable and, without proper cybersecurity measures, unavoidable, medical identity theft can be prevented.

RightPatient mitigates the losses associated with data breaches

Using a robust photo-based engine, RightPatient ensures accurate patient identification using the feature fraudsters or hackers cannot steal or imitate: patients’ faces.

The platform can also identify patients right from appointment scheduling – patients are asked for a personal photo and a photo of their driver’s license after scheduling an appointment. After patients provide the photos, RightPatient matches the photos to verify the patient’s identity to see if they are who they say they are. If a fraudster is assuming the identity, RightPatient red-flags the anomaly, preventing medical identity theft in real-time. New patients are provided with biometric credentials, making it a seamless process.

If the patients are coming in person to the healthcare facilities, all they need to do is look at the camera. RightPatient matches the new photo with the saved one – if it’s a scammer, RightPatient red-flags the incident, preventing medical identity theft. It ensures a touchless and hygienic environment for everyone, something that is mandatory in a post-pandemic world.

RightPatient is enhancing patient safety, protecting patient data from being corrupted, and improving healthcare outcomes. Mitigate your losses, prevent medical identity theft, and enhance patient safety now with RightPatient.

Medical Identity Theft Prevention Becomes Crucial as Telehealth Usage Rises

October 23, 2020/8652 views / 0 Comments/in BLOG, Data Breach, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Outcomes, Patient Safety, Privacy, Telehealth /by Matt Gibson

The novel coronavirus, infamously known as COVID-19, is a phenomenon that has changed our lives forever. Wearing masks, using sanitizers, and practicing social distancing has become a part of our daily lives, especially for those who need to leave their houses every day. It has disrupted business operations and even forced many into bankruptcy, causing businesses to shut down. One of the most affected industries is healthcare, and it is safe to say that the US healthcare system has been severely affected by the pandemic. Hospitals have shut down, and those that are open are facing unprecedented losses. However, telehealth has experienced a meteoric rise in both popularity and usage. While more patients and caregivers are adopting telehealth, healthcare providers need to ensure that such visits are not plagued with medical identity theft cases. Let’s take a look at the rapid rise of telehealth, how people are adapting to it, and how medical identity theft prevention can be ensured with RightPatient.

Telehealth is becoming mainstream

Let’s take a look at a recent survey by Amwell. The research sheds light on the fact that patients and caregivers are far more open to using telehealth now compared to the pre-pandemic period. The numbers clearly illustrate this: in 2019, 8% of patients and 22% of caregivers had virtual sessions, whereas in 2020, the number is around 22% for patients and a whopping 80% for caregivers. This is predominantly because the pandemic forced hospitals to shift their focus to the COVID-19 patients, leaving others with the option to get treated via virtual sessions rather than inpatient visits.

Some of the key findings from the study regarding telehealth are:

More scheduled virtual visits compared to urgent care visits

According to the survey, patients leaned towards scheduled virtual visits compared to urgent care visits. 54% of patients had scheduled virtual visits with their physicians, whereas 21% of patients who had at least a virtual visit had an urgent care visit as well during 2020.

Virtual specialty care is growing rapidly

Unsurprisingly, telehealth is being used by more patients every day. 42% of patients had virtual visits with their regular specialists, and 13% had virtual visits with new specialists this year. Moreover, specialists such as cardiologists, surgeons, and others stated that they had seen more patients virtually compared to 2019. This led to specialists being more open to telehealth as well – it was the only way to treat some patients due to COVID-19.

More patients were opting for telehealth

2020 had three times the number of patients using telehealth compared to 2019. 59% of the patients who used telehealth stated that their first usage was during the pandemic, and an overwhelming 91% of the patients were “very” or “somewhat” satisfied with the visits.

Healthcare providers, on the other hand, said that they saw almost four times more patients this year compared to 2019, and 84% of providers were “very” or “somewhat” satisfied with the platforms.

Medical identity theft prevention must be ensured

While all of the above statistics show that telehealth has a promising future ahead, it also has to ensure patient safety. There are many risks associated with conventional inpatient visits such as medical identity theft, patient misidentification, medical errors, and so on. While not all of these issues will bleed over to telehealth, many experts are predicting that telehealth might witness medical identity theft cases. Thus, responsible caregivers should ensure medical identity theft prevention to secure safe, undisrupted healthcare visits – for both virtual and inpatient visits.

How data breaches, medical identity theft, and telehealth are related

Healthcare data breaches are becoming common because hackers can steal patient information and sell it for up to $1000. Data breaches are endless nightmares for healthcare providers – causing HIPAA compliance issues, loss of goodwill, unwanted publicity, and finally, medical identity theft. Fraudsters buy the information from the hackers to assume the identities of the patients and use the victims’ healthcare services illegally. Since many healthcare providers don’t have robust patient identity verification systems, they are unable to identify the scammers. These are the cases that occur within healthcare facilities.

Telehealth has been largely ignored in the pre-pandemic world. People were debating about its pros and cons, and since it didn’t provide the same level of flexibility as conventional healthcare, its future was uncertain. However, the pandemic changed the public’s perception regarding telehealth. As the statistics above demonstrated telehealth’s acceptance, experts have predicted that hackers and fraudsters will focus on it as well. If they acquire the login credentials of patients, fraudsters can also impersonate the victims during telehealth sessions, committing medical identity theft virtually. Thus, medical identity theft prevention becomes crucial.

RightPatient ensures medical identity theft prevention

Thankfully, healthcare providers can prevent medical identity theft with RightPatient. It is a touchless biometric patient identification platform that uses the faces of the patients to prevent healthcare fraud and protect patient data. With a powerful photo-based engine, RightPatient ensures that the patients are who they say they are. After scheduling appointments, patients receive an SMS or email and they need to provide a personal photo and a photo of their driver’s license to verify their identity. The platform automatically matches the photos, ensuring remote identity verification.

RightPatient ensures accurate patient identification across the continuum of care, starting right from appointment scheduling. During hospital visits, all the patient needs to do is look at the camera – the platform matches the current photo with the one saved during registration, creating a touchless, easy, and hygienic experience. RightPatient is preventing duplicate medical records, reducing claim denials, preventing medical identity theft, and enhancing patient safety for leading healthcare providers. Be a responsible provider and protect patient data with RightPatient now.

Data Breaches are Occurring During the Pandemic – Prevent Healthcare Identity Theft Now

September 22, 2020/9996 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, EHR, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Matching, Patient Outcomes, Patient Safety /by Matt Gibson

Despite the relaxed rules and the U.S. slowly opening up, the COVID-19 crisis is still going strong. With no treatment found (as of yet), everyone is still feeling the effects of the coronavirus. However, there’s no doubt that the U.S. healthcare system has been affected more significantly than systems in other countries. For starters, the number of patients is overwhelming, the financial strain is unprecedented, not to mention the existing issues such as data breaches. When faced with so many impediments from all sides, how can providers prevent healthcare identity theft? Let’s explore some of the recent data breaches, how they lead to medical identity theft, and how a solution like RightPatient can protect patients and providers.

Some recent cases

It’s not only healthcare providers – all types of healthcare organizations are being targeted by hackers. Let’s review the healthcare organizations who became recent victims of data breaches.

Dynasplint Systems suffered a data breach that might have resulted in stolen health information. After an investigation, they identified that names, addresses, social security numbers, and other information might have been accessed or stolen. Over 102,800 people were affected.

Another healthcare organization, Pinnacle Clinical Research specializing in clinical trials, suffered a phishing attack. The breach consisted of clinical trial participants’ information.

Mental Health Partners suffered a phishing attack as well – names, DOBs, social security numbers, among other information was potentially stolen.

How data breaches lead to healthcare identity theft

There are many other recent cases like the ones above. However, they have one thing in common – the hackers were after patient information. Any healthcare organization is a potential target for hackers. But why do hackers target them, especially for their patient information?

After stealing the patient information, the data is sold on the black market for high prices. Since healthcare in the U.S. is quite expensive, the demand is high for the stolen information – those why buy the data believe that it’s worth buying, as opposed to getting healthcare coverage for themselves. When these fraudsters use the victims’ information, they get access to healthcare services, expensive medical devices, and treatments, whereas the victims get fraudulently charged with the costs.

That’s not all – patient safety is jeopardized as well. When the fraudsters use the victims’ medical information, the patient data gets corrupted as the fraudsters’ information and preferences are recorded in the victims’ medical records. Unless such healthcare identity theft cases are rectified, the patient will be receiving improper treatment based on a medical record consisting of corrupted patient data. These cases lead to repeated lab tests, delays in treatment, as well as negative patient outcomes. Healthcare providers also face litigation costs due to medical identity theft cases.

With the pandemic still raging across the world, one would think that medical identity theft would be the last thing caregivers are worried about. While data breaches are quite inevitable, steps can be taken by healthcare providers to ensure patient safety.

How to prevent healthcare identity theft cases

Ensure HIPAA compliance and safeguard PHI

One way of protecting patient information is by getting back to the source – data breaches. Anyone familiar with healthcare in the U.S. has heard of HIPAA. The law basically sets the groundwork for protecting patient information known as PHI (protected health information). However, it’s quite a comprehensive and multilayered law – even the biggest healthcare providers have a hard time ensuring compliance as the rules and regulations change frequently.

Even during the start of the pandemic, some rules were relaxed to ensure faster healthcare delivery. The bottom line is that if providers ensure HIPAA compliance, put enough safeguards in place, detect security vulnerabilities using internal audits, and are well versed about data breaches, they can protect themselves better against cybersecurity attacks. That’s what HIPAA Ready does – it is a simple but powerful HIPAA compliance software that keeps all the HIPAA related information centralized, helps you conduct internal audits to detect vulnerabilities, and helps you set up HIPAA training sessions to keep your employees up to date on the latest changes.

Ensure patient identification

Responsible healthcare providers can go the extra mile and add an extra security measure that no fraudster can pass through – even in the cases of data breaches. That’s where RightPatient comes in.

It is a touchless patient identification platform that uses a photo-based search engine to ensure that the patients are who they say they are and not some fraudster. During hospital visits, the platform takes a photo of a patient during enrollment and locks the medical record with it. If a fraudster attempts to commit healthcare identity theft, the platform will red flag the individual, preventing medical identity theft in real-time.

RightPatient has been helping leading healthcare providers for years now, and with its touchless platform, it is the only sensible option in a post-COVID-19 world.

Try RightPatient now and be a responsible healthcare provider.

Providers Must Protect Patient Information to Enhance Patient Trust

August 13, 2020/9241 views / 0 Comments/in BLOG, COVID-19, Cybersecurity, Data Breach, EHR, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Outcomes, Patient Safety /by Matt Gibson

The US healthcare system has always been the one attracting attention for all the wrong reasons – it is inundated with a plethora of issues. Lack of price transparency, interoperability issues, lack of proper patient identification, archaic laws governing the overall system, and prevalent medical identity theft cases are just some of the many problems that plague providers and prevent them from giving optimal patient care. One of the more prominent problems faced is healthcare data breaches – something that happens regularly nowadays. With the pandemic in mind, healthcare providers need to do all they can to enhance patient trust and improve patient safety – something they can do if they protect patient information. This is critical because it will boost inpatient volumes and can help offset the ongoing losses due to COVID-19. Let’s see how RightPatient can help by ensuring accurate patient identity verification.

What does the data say?

A recently released study by the Journal of General Internal Medicine has shed some light on patients’ perceptions about their EHR security and privacy.

According to the report:

The respondents who fear that their EHRs will be jeopardized due to a cybersecurity incident are three times more likely to hold back information from their caregivers, compared to those who do not share the same feeling, especially during the transmission of said EHRs electronically.
Out of the respondents who trusted that their EHRs were safe and secure, chances of concealing information from their providers were around half compared to those who had privacy concerns.
Older, married, and employed patients were less likely to withhold information.

This study was conducted with keeping the growth of telehealth in mind and how a lack of patient trust will cause problems, especially during the pandemic. Thus, healthcare providers need to rethink their strategies and boost patient confidence. Not only will it help provide better healthcare services, but it will also increase patient retention – patients will not switch to other caregivers if they see that their providers protect patient information effectively.

Protect patient information by ensuring compliance

With the electronic transmission of PHI (protected health information), HIPAA compliance is the first thing that pops up on the minds of providers. The aforementioned study suggests the same: providers should address patients’ concerns by addressing security gaps. This can be done by providing proper training for internal data breaches and do’s and don’ts during PHI transmission, conducting internal audits to detect security issues, and keeping relevant employees on the same page regarding HIPAA compliance. HIPAA Ready is a robust HIPAA compliance software that can address all that and more, helping you protect patient information in the process. Simplify HIPAA compliance and reduce your administrative burdens with HIPAA Ready.

RightPatient helps protect patient information

RightPatient has been helping to protect patient data for years now. Moreover, even if you face a data breach, you can still safeguard patient information. Here’s how it works.

Once a provider deploys RightPatient, patients receive an SMS or email to validate their identity after scheduling an appointment. The patient provides a selfie and a photo of their driver’s license, and RightPatient matches the photos to ensure a proper match. Patients new to the platform are provided with new biometric credentials.

During inpatient visits, all patients need to do is look at the camera. The platform identifies them by matching the photos, ensuring accurate patient identification.

Another reason why RightPatient is a must

The aforementioned study is also related to the updated Medicare CoPs. Since the study talks about sending EHRs to other caregivers, the recently introduced e-notifications come to mind. With the looming CMS compliance deadline (May 1st, 2021), healthcare providers need to ensure accurate patient identification so that they can send out accurate e-notifications during ADTs. If they fail to send out notifications to the proper channels, it can cause noncompliance issues and can risk their CMS provider agreements. RightPatient is a must-have solution to avoid such cases and ensure that the proper caregivers are notified.