By Terry Corbell
The Biz Coach
Why Many Healthcare Workers Are Alarmingly Responsible for Medical ID Theft
Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery.
Health-care providers apparently can’t trust their employees to use best practices in observing The Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996. You hear the acronym a lot in healthcare.
However, at issue is whether health-care workers keep their mobile devices secure, according to the 2013 HIMSS Security Survey. Security breaches often occur at nurses’ stations and behind reception desks because of snooping my employees with financial and medical identity theft not far behind.
Hospitals are securing their devices. But most employee devices aren’t secure, and 88 percent of respondents in a Benchmark Study on Patient Privacy and Data Security say employees are allowed to use their private mobile devices to access patient records.
The growing trend of allowing employees to BYOD — bring their own devices — isn’t healthy. It’s bad for the medical profession as well as for other sectors.
More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ personal devices. Nearly all say their devices might have been attacked, according to a 2014 study (see Do BYOD Headaches Outweigh Benefits? Yes.)
Employees ostensibly assume their iPhone and Android devices are secure, but they’re not. (See: Surprise — Cyber Criminals Chew up Apple Products, too and Who Profits from Android’s Security Issues? Not Users.)
The problem of medical identity theft has been growing for years.
Data shows it adversely impacted 1.42 million Americans in 2010. That’s according to a 2011 study by PricewaterhouseCoopers (PwC) that shows medical ID theft aggregately cost more than $28 billion.
“The root cause of the fraudulent use of someone else’s medical identification is that protected medical information is widely dispersed in multiple information systems where it all too often is inadequately secured,” says nationally known security expert, Stan Stahl, Ph.D.
He’s president of Citadel Information Group, Inc. in Los Angeles, and he authoritatively writes about security issues on his blog.
MedPage Today sheds a bright light on the issue in this article: Medical Identity Theft a Growing Problem.
It reported the three most-common identity breaches:
1. Employees who act unprofessionally – improper use of patients’ data in doctors’ offices, hospitals, insurance company and life sciences companies. They’ve even been caught posting comments about patients on Facebook.
2. Almost 40 percent of hospitals and physicians report they have caught patients using another person’s identity when they seek treatment.
3. Twenty-five percent of insurance companies acknowledge the improper transfer of information in patients’ health files. Unauthorized persons viewed such files.
“Every organization that collects or stores personally identifiable medical information – hospitals, doctors, clinics, pharmacies, billing offices, insurance companies, even employers – has a legal and ethical obligation to properly secure that information,” asserts Dr.Stahl.
In public reports, theft was responsible for 66 percent of medical ID breaches in the last two years. The thefts include notebook computers, smartphones, using another person’s personal information for fraudulent claims, and people using others’ names.
More shocking news
Authors of the PwC study indicated most healthcare organizations aren’t equipped to prevent medical ID theft – despite the growing use of information technology in the medical profession.
“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” said James Koenig, director of the Health Information Privacy and Security Practice at PwC in a press statement.
More than 50 percent of the study’s respondents who work for healthcare organizations said they knew of at least one privacy breach since 2009.
“Doctors need to take measures to assure their patients are who they say they are,” recommends Dr. Stahl. “That can include checking referrals.”
What can patients do?
“Patients need to treat their medical information with the same care that they treat their financial information, including periodically checking with their insurance company to identify fraudulent activity,” advises Dr. Stahl.
The PwC study indicated that most healthcare organizations admit they haven’t even begun to adequately deal with privacy and security issues in this digital-information age.
Obviously, as a business-performance consultant, here’s my sense:
1. The medical profession should emphasize and implement stronger security precautions.
2. All medical employees should undergo privacy-confidentiality sensitivity training.
After all, shouldn’t healthy precautions be part of medical care?
From the Coach’s Corner, you might consider these security-resource links:
How to Enhance Security in Your Company’s Wireless Network – Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.
BYOD, Mobile-Banking Warnings about Security Prove Prophetic – Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.
Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.
11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud — The most vulnerable travelers are businesspeople. That’s because they have to use Internet and e-mail. They’re in danger expressly from vulnerabilities, such as from wirelessly accessible passports to using WIFI.
“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”
Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.