I'm sure a lot of you have heard of identity theft, but what about medical identity theft?
It's possible and it's happening. A recent data breach at Beth Israel hospital in Massachusetts has left many of its patients at risk of having their medical identity stolen. Medical identity theft is a spin on regular identity theft as it can affect your finances and credit, but it can also affect your health.
What are the warning signs that someone is trying to steal your medical identity?
1. You get a medical bill for services you did not receive
2. A debt collector contacts you regarding a bill for medical services you did not receive
3. You get a copy of your credit report and you see medical collection notices that you do not recognize
4. You try to make a legitimate insurance claim but your health plan says you have reached your limit
5. You are denied medical insurance coverage because your medical records indicate a condition that you do not have
Not only could your finances be affected by medical identity theft, but your medical records and history could also be altered, which may lead to you receiving improper treatment that may cause illness or worse.
To stay protected, make sure you do the following:
1. Verify sources before giving out information. Giving out medical or personal information over the phone or through e-mail can be risky business and put you at higher risk of having your medical identity stolen.
2. Safeguard your medical and health insurance information. Make sure that your paper files and any medical information you have is protected either under lock and key by using a secure medical archiving vendor or, if your information is online, make sure it is password protected. Always check the security of a website before entering your social security number or credit card information.
3. Properly dispose of your records. If you keep your medical records for a period of time, when the time comes to get rid of your records, never just toss them in the trash. Make sure they are securely shredded and disposed of afterwards.
For more information on how to protect your medical identity, visit
and if you think your rights under HIPAA have been violated, please visit
The US Department of Health and Human Services (HHS) fined Massachusetts General Hospital $1 million today for losing the medical records of 192 patients, the second ever fine imposed on a healthcare organization for violating the Health Insurance Portability and Accountability Act (HIPAA).
HHS's Office for Civil Rights (OCR) made the following statement in their press release:
"We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement. It is a covered entity's responsibility to protect its patients' health information."
The records that were lost in this case were not electronic, but the law and penalties do not differentiate. However, if encrypted electronic records are lost, you are not required to notify HHS or patients of the incident. In other words, encrypt your data!
The first ever fine for HIPAA violations, imposed on Tuesday, was $4.3 million against Cignet Health of Maryland. Cignet had failed to provide patients a copy of their medical records upon request.
The really disturbing part, though, was that, after Cignet attempted to ignore the government's enforcement action, not only did they deliver the 41 patients' records to the Department of Justice, but they also handed over 59 boxes of patient medical records, including records for 4500 people unrelated to the case.
From time to time, I have asked health care professionals what they are doing to comply with HIPAA. One doctor told me, "When they start putting doctors in jail, I'll worry about encrypting my records." Maybe these enforcement actions by HHS will change his mind.
Data Leakage Prevention tools and encryption can both play a part in being HIPAA and HITECH (Health Information Technology for Economic and Clinical Health) compliant. For details on how Sophos can help, browse over to our HIPAA hot topic page.
If you work in the healthcare industry, stop by our booth at the Healthcare Information and Management Systems Society conference in Orlando March 21st to 23rd. You can find us at booth 5178 to learn more about how we can help you secure your patients' information.