Medical identity theft is on the rise and set to cost the healthcare industry over $6 billion in annual losses, according to data security experts. Even with strict HIPPA compliance, your behavioral health practice may still be vulnerable to security breaches from a number of sources. Unfortunately, many victims of medical identity theft are not aware that their information has been compromised until it’s too late. Knowing what to look for, where your practice may be vulnerable and what precautions to take to safeguard sensitive information and records can save your practice (and patients) from the headaches and expense involved with falling victim to identity theft. According to a report from the National Center for Biotechnology Information, a division of the U.S. National Library of Medicine, mental and behavioral health patients are especially vulnerable to the financial and emotional consequences of identity theft.
Safeguarding Medical Records from Hackers and Data Breaches
From institutional data breaches to theft of personal information that can be used to illegally acquire everything from medical services to prescription drugs, medical identity theft is at its highest level in years. Medical data is especially vulnerable and has become a high-level target for hackers in recent years because of its value on the black market. While stolen financial data like credit and debit cards can be disputed and replaced, medical information cannot be recovered once it has been stolen, and the process can be complicated and expensive for consumers.
In addition to selling it on the black market, identity thieves can also use stolen medical data to obtain prescription drugs and medication, making behavioral and addiction and substance abuse healthcare providers valuable targets.
Behavioral Health Professionals are Also a Target for Cyber Criminals
Impersonating behavioral health providers and clinics and hijacking provider website is another method used by identity thieves and hackers to lure unsuspecting patients. A common tactic is to redirect calls from call centers, taking business away from the actual clinic and steering callers to unknown third party sites.
The U.S. Federal Trade Commission recommends guidelines for identifying identity theft:
- Inform your patients about your practice’s privacy and security practices and let them know how to spot a breach if it occurs:
- Monitor credit reports for collection activity on fraudulent medical charges
- Receive bills for services they didn’t obtain
- “Maxing out” on insurance plan or denied coverage over fraudulent medical charges
- Perform regular reviews of your practice’s billing, filing and security protocols to make sure that they are up to date and within HIPPA compliance guidelines.
- Make sure that your technology is up to date. Although medical data has become a prominent target of hackers and cyber criminals, the healthcare industry as a whole has not kept pace with the financial industry in implementing stringent digital security measures designed to counter sophisticated hacking attempts.
That said, sensitive patient information is also vulnerable to more traditional methods of data theft or even unintended carelessness. Inform your staff of the growing threat and make sure they are also trained and prepared to safeguard medical data and how to spot potential security issues before and after they may occur. Something as simple as working on an unsecured laptop at home or leaving a patient file unattended in a busy office is all it can take.
Look for Red Flags
The American Medical Association advises medical facilities and healthcare providers to implement procedures designed to spot suspicious patterns that are consistent with identity theft and fraud. In addition to banking information and credit card numbers, medical hackers also target names, Social Security numbers and insurance plan numbers and coverage data.
MedEZ offers integrated software solutions to help manage your practice and billing securely and effectively. Contact us today for more information on the best practice management software and data security solutions for your practice.
Sources:
https://www.forbes.com/sites/laurashin/2015/05/29/why-medical-identity-theft-is-rising-and-how-to-protect-yourself/#4cae6e5d3608
http://resources.infosecinstitute.com/hackers-selling-healthcare-data-in-the-black-market/#gref
https://www.ftc.gov/tips-advice/business-center/guidance/medical-identity-theft-faqs-health-care-providers-health-plans
https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html
https://www.cms.org/uploads/red-flags-rule-edu.pdf
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2921312/
http://www.huffingtonpost.com/entry/flattery-identity-theft-ethics-behavioral-health_us_595f9f4ee4b08f5c97d068ee