We realize there’s a ton of literature on medical identity theft out there, and you don’t have time to sift through all of it. With cases of identity theft being reported by a whopping 33% of healthcare organizations, it’s more important than ever to know where you stand and what to do in the event of an identity theft emergency.
Luckily, Power Your Practice is here to help. We’ve synthesized ‘legalese’ and analyzed recently publicized cases to give you a focused, no-frills take on medical identity theft, and what essentials you need to know about the most.
Federal Laws
There were more than 275,000 cases of medical data theft in the US in 2009, which was more than enough impetus for the federal government to get on the ball.
Apart from HIPAA and HITECH regulations on security risk analyses reporting and 128-bit encryption of medical computing devices, initiatives like 2003’s FACTA (Fair and Accurate Credit Transactions Act) and the Red Flags Rule started being used to combat the growing problem of identity theft in the US.
Under FACTA, creditors cannot obtain medical information to make credit decisions, thereby effectively keeping credit history and bill collecting separate from medical history and medical bill collecting, sans extreme cases.
The Red Flags Rule was passed in 2008 by the FTC and was inspired by sections 115 and 315 of FACTA. Under it, providers may be treated as creditors, and therefore forced to implement identity theft protection programs that include all patient accounts.
Prevention
Let’s start with the basics. You may secure patient data at your practice, but how sure are you about your trash?
There are 1.5 million medical identity theft victims in the US yearly, so it’s no surprise the FTC is cracking down on the careless disposal of old computing devices. Lucky for you, we wrote an article on steps to doing so. Check it out here.
This segues into the issue of keeping medical information up to date. Many practices don’t report changes to Medicare, Medicaid, and other insurance companies. These reports should include things you may not always consider, like opening and closing of offices and switching between group practices.
Protect that medical information, too. Run background checks on potential employers and other organizations before passing on any sort of information. This includes protecting any vehicles that could divulge medical information – even prescription pads need to be kept safe and secure.
Protecting yourself against identity theft even includes educating your patients, who can be victims as often as physicians and staff members are. Medical identity theft leads to higher insurance charges, and disputes with insurers over phantom charges can leave patients in the dark for future coverage.
What kind of precautions have you taken to prevent medical identity theft at your practice? Let us know in the comments below!