Understanding the Role of Identity Theft & HIPAA
Identity theft is a serious topic we cover in depth here on the blog. It’s a growing concern across the globe. How do you protect private and sensitive information at all times?
Paper shredding is the answer when it comes time to dispose of documents. However, safeguarding data should be a daily, constant practice, and in many industries it is also the law.
In this post, we’re looking more closely at the role identity theft plays in conjunction with HIPAA violations and what steps can be taken to best protect patients and health providers.
But first, a quick history lesson:
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law put in place in 1996 that requires national standards to be followed to protect patient health information. This protection must keep sensitive data from being disclosed without a patient’s consent or knowledge.
The problem is that many times the rules aren’t followed stringently. From poor staff training to an innocent error, the chances that private data is leaked are very high. Every instance, whether an honest mistake or an act of bad intent, puts patients at risk. Oftentimes we think of identity theft as a problem with financial data being breached, but medical identity theft is one of the most common types of data breach today, and protecting everyone from its damage is critical.
The Federal Trade Commission defines medical identity theft as an incident in which another person’s name or insurance information is breached and used to submit medical bills, or in which someone uses that information to obtain medical treatment, prescription drugs, and other health-related services.
For healthcare organizations that are specifically targeted by cybercriminals, having strong security defenses is important. When implemented along with HIPAA compliance policies, it is possible to reduce the risk.
Understanding what private health information should remain protected is key. Without this understanding, organizations can violate HIPAA without even knowing it.
In addition to information about medical diagnoses and reports, information like Social Security numbers or insurance IDs can be breached and pieced together for an identity theft attack or other attack.
Simple information in a doctor’s appointment reminder text is enough to link someone’s data together and violate HIPAA. For this reason there are now protections in place for any identifying information (18 to be exact) that must remain protected at all times. These identifiers include:
- Dates directly related to an individual, including birth, death, appointment, admission, discharge, etc.
- Telephone number
- Fax number
- Email address
- Social Security Number
- Medical Record Number (MRN)
- Health Plan beneficiary number
- Account Number
- Certificate/license number
- Vehicle Identifiers and serial numbers, including license plate numbers
- Device Identifiers and serial numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address number
- Biometric Identifiers, including finger and voiceprints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code capable of identifying the individual and not used for any other purpose
To combat these risks, a strong HIPAA compliance program needs to be in place, one that shows you understand the role identity theft plays. In addition, health providers should periodically review their data security practices to ensure safeguards are in place and that compliance with all rules and regulations is maintained.