By Rick Fromme
 |
| Computer Security (Photo credit: IntelFreePress) |
With July 4th fast approaching, many of us will celebrate
our national holiday spending time with family and friends barbequing, hanging
out together in the long summer evening, and perhaps watching fireworks.
The Fourth of July or Independence Day, as it’s
officially called, commemorates the ratification and adoption of our
Declaration of Independence in 1776, as the 13 original states declared their
independence from the Kingdom of Great Britain. Our fledgling country had won
its freedom from foreign tyranny.
Today, although we remain politically free from the yoke
of any other country, the U.S. and its citizens face an ever-mounting threat on
our personal freedom and identities from the continuous onslaught of
cybercriminals. These e-crooks — some independent,
some as part of syndicates, and some even as foreign governments’ agencies —
seek to steal our precious assets, among them, our medical care records. And
despite the conveniences and efficiency that Electronic Medical Records (EMR)
continue to provide, their very “cybernature” makes our most personal of
private information even more vulnerable to cracking, hacking, spying and
hijacking.
With increasing frequency, cyber criminals are focusing their nefarious efforts on medical identity theft. Why? According to Larry Ponemon, founder of the
Ponemon Institute, “in the world of black market information, a medical record
is considered more valuable than everything else.” Released in March, Its Fourth
Annual Benchmark Study on Patient Privacy & Data Security specifically
focused on “new and expanded threats to the security and privacy of patient
information in the U.S. health care system.”
 |
| Hacking in a suite at clarion (Photo credit: Johan Nilsson) |
The report’s disturbing conclusion: Criminal attacks on
health care systems have risen 100% since it first conducted its studies in
2010. This, according to nearly a
hundred different health care organizations that participated in the study.
These included hospitals and clinics that were part of a health care network,
integrated delivery systems, along with individual hospitals and clinics. All
organizations in this research were subjected to HIPAA as a covered entity.
Credit card information has long been one of the coveted
“jewels” that criminals like to get their dirty hands on. Specifically relating
to health care identity theft, these ne’er-do-wells seek to obtain such
information as Social Security numbers and personal health records, as this
type of data is stored much longer versus credit card numbers (in most cases).
Several studies have indicated that sloppy behavior, such
as health care employees losing a laptop or other mobile devices that have
unencrypted data, is one of the main avenues would-be criminals use to scarf up
our private medical information.
Contributing to the likelihood of this occurrence is the often times
rushed nature of a health care employee’s job. So focused can a provider be in
terms of taking care of patients, they inadvertently compromise their attention
to security.
Breaches can also result from third-party contractors who
can get their hands on public medical data. The continuing proliferation of
ever more sophisticated mobile devices makes it even easier for criminals to
steal data, especially when you consider 88 % of medical facilities
permit
employees to access patient data via their own mobile devices. Think about that
for a moment. What percentage of these employees do you think have the
necessary encryption software and other security measures in place on their
tablets or smartphones?
Even visiting the hospital one time — say for a routine
exam — can give six to 10 companies virtually unrestricted access to one’s
medical data. This includes the hospital itself, extraneous labs, specialty
providers, health insurance companies, pharmacies, medical equipment providers
and other entities.
 |
| Anonymous Attack (Photo credit: HonestReporting.com) |
While the implementation of the Affordable Health Care
Act (ACA or ObamaCare) has been lauded by some and cursed by others, the
Ponemon study reported unequivocally that nearly 70% of its participants felt
the ACA “significantly increases” or “increases” the risk to patient privacy
and security. Of primary concern is the insecure exchange of patient
information between health care providers and the government. FYI: Several U.S.
agencies have been repeatedly hacked, including by elements of the Chinese
government. Check out this blog by Internet experts, Working the Web to Win, “How Close is the US to Experiencing a Digital Pearl Harbor?”
Another concern regarding the ACA was the volume of patient data existing on
insecure databases, and applicants registering for the ACA on insecure
websites.
Of course, health care employees are health care consumers
as well. Regardless of one’s specialty, you or your family members are no doubt
periodically in need of routine exams, checkups, and medical care. That means your
medical records are vulnerable, too.
According to the Federal Trade Commission:
“A thief may use your name or health insurance numbers to
see a doctor, get prescription drugs, file claims with your insurance provider,
or get other care. If the thief’s health information is mixed with yours, your
treatment, insurance and payment records, and credit report may be affected.
If you see signs of medical identity theft, order copies
of your records and check for mistakes. You have the right to see your records
and have mistakes corrected.”
It also makes the following recommendations:
 |
| Identity Theft (Photo credit: Don Hankins) |
Read your medical and insurance statements regularly and
completely. They can show warning signs of identity theft. Read the Explanation
of Benefits (EOB) statement or Medicare Summary Notice that your health plan
sends after treatment. Check the name of the provider, the date of service, and
the service provided. Do the claims paid match the care you received? If you
see a mistake, contact your health provider and report the problem.
Other signs of medical identity theft:
- A bill for medical services you didn’t receive
- A call from a debt collector about a medical debt you don’t owe
- Medical collection notices on your credit report that you don’t recognize
- A notice from your health plan, saying you reached your benefit limit
- A denial of insurance because your medical records show a condition you don’t have
In this article, I talked about the ever-growing problem
of Electronic Medical Record (EMR) identity theft. I shared information
compiled from a respected annual, national study that found medical record
hacking and theft is growing rapidly. I also shared some of the causes of increased medical identity theft, from the proliferation of unsecured mobile devices to the
implementation of the ACA. I also offered some suggestions about what health
care providers — who are also health care consumers — should do to help
minimize breaches of their own and their families’medical
records. If you found this article
helpful, please leave a comment and share it with your colleagues, family and
friends. As always, I appreciate your comments.
Rick Fromme combines entrepreneurial enthusiasm
with an insider's knowledge of the medical industry to co-found MedMasters.com. Both
his drive and perspective helps provide health care professionals with a
superior mechanism with which to communicate, network and market their
strengths. Prior to founding MedMasters.com, Rick
operated a highly successful medical device distributorship. Other milestones
in his 12-year career in the medical industry include a key position at a
medical device start-up company that was later sold to the Ethicon
Endo division of Johnson & Johnson. You may also reach Rick
by connecting with him on Facebook, Twitter, Google+, LinkedIn and YouTube.
Related Articles
Medical identity theft is another symptom of the epidemic of cybercrime that has been taking place worldwide. Everyone needs to take this threat seriously and take steps to protect their data.
ReplyDelete"Be afraid ... be very afraid."
ReplyDeleteID theft is growing at an alarming rate, however I fee nothing will abate it unless banks and other financial institutions are held more labile. This would force them ti institute greater security measures like finger print scan for online orders and ID check on all purchases at stores etc...
ReplyDelete