
Your patients’ personal information is at risk


Robert A. Dowling, MD

Almost 20 years after the Health Insurance Portability and Accountability Act (HIPAA) was first enacted, the privacy and security of protected personal information remain a significant concern in the daily activities of providers and their patients. In this article and several to follow, I will discuss privacy and information security concerns and what you can do to protect your patients’ data.
Clinical Innovation + Technology, a leading trade magazine for the clinical informatics community, recently featured these headlines:
- Some encrypted databases aren’t secure, finds Microsoft study
- 45% of Americans have had records compromised
- 81% of provider organizations have faced cyberattack in past 24 months
- NY Blues cyberattack affects 10 million
- UCLA cleared in data breach lawsuit
- $750K HIPAA fine for Indianapolis practice
- Employees disciplined, some fired for snooping in records
- New cybersecurity center to protect California’s medical records.
The numbers in these headlines seem staggering, and often involve millions of individual records. They lead to large fines and untold expense in remediating the damage. The real impact may not be known for years, or may never be recognized by the individuals affected. Stories of compromised personal information may seem sensational or exaggerated until they strike your organization or affect your patients, or even you personally. Consider this story:
A few years ago, a urologist attempted to file a federal tax return electronically and the submission was rejected because “according to IRS records, the tax filer has already filed a federal tax return for the specified tax year.” It was quickly determined that someone other than the urologist had filed a fraudulent tax return, and a sizable “refund” had been mailed to a physical mailbox on a vacant lot in a remote part of the western United States.
It took the victim over 18 months to completely reconcile the issue with the IRS, and during this time the criminal did the same thing the following tax year. This is a simple scam of epidemic proportion, according to a Feb. 12, 2015 NBC News article.
Little information needed to conduct theft
In order to conduct this invasion of privacy and identity theft, a criminal needs only three pieces of information: name, date of birth, and Social Security number. All are nearly impossible to change once they have been compromised.


What does this have to do with HIPAA? A person’s name, date of birth, and Social Security number are ubiquitous in medical institutions and information systems and easily accessible to anyone using those systems. According to the Identity Theft Resource Center, medical/health care breaches account for 35% of all breaches and 78% of records (110 million) compromised in 2015 alone (table). These are the breaches we know about. Recognized or not, the protected personal information of millions of patients is being compromised at an alarming scale.
Bottom line: Theft of personal information from health care organizations is an important contributor to the broader problem of identity theft in this country. In articles to follow, I will examine this issue in greater detail, and provide some tips on how urologists can best protect the personal information of the patients in their practice.




















