
Stop PHI from Being Stolen

The Total HIPAA blog to date has focused on strategies to protect your clients’/patients’ information, but we’re going to change it up this week. We recently came across a white paper from the Ponemon Institute, which reported that there were over 1.8 million victims of medical identity theft in 2013.

According to this report, the risk that your Protected Health Information would be compromised went up a whopping 19% over the previous year. Most shocking, many of the issues companies and healthcare practices are running into don’t come from hackers or outsiders – they come from trusted individuals inside the organization. Below are a few examples of employees, business associates, and even volunteers who have stolen PHI and used it for monetary gain, followed by what you can do to try to protect yourself.

Employees-

These two examples are very new and haven’t been adjudicated yet.

    1. An office worker in a medical office in Owensboro, KY used patient information to get personal loans ranging from $300 to $7,000.


    2. A medical records administrator in Hackensack, NJ was arrested for stealing patient identities to commit credit card fraud. She is being held on $35,000 bond at the moment.


Business Associate-

Over four years, a supervisor at a billing and collection company filed false tax returns using stolen patient information. “She was using her name, her husband’s name, her daughter’s name in order to not be detected. She started using varying forms of her name, husband’s name, to get these refund checks requested,” says U.S. Postal Inspector Jamie Portell.


Volunteer-

A volunteer working at a VA Hospital stole patient information and filed false tax returns for over $550,000.


How do you prevent these HIPAA violations in your company/practice?

  1. Background checks – Before hiring staff or allowing volunteers on the premises, it’s important to know with whom you’re working. This means criminal record checks, reference checks, and possibly a financial check before employment.
  2. Conduct a Risk Assessment – Many people overlook this important HIPAA requirement. You need to identify areas of vulnerability and what you can do to address them.
  3. Create Privacy and Security Policies and Procedures – Another requirement of HIPAA, and for good reason! Make sure you develop these compliance documents and train your employees on what’s in them. The best policies and procedures are useless if no one reads them or knows anything about them.
  4. Train your Staff – Your employees should know what constitutes proper behavior around, and proper use of, PHI. In many of the referenced cases training wouldn’t have stopped the offenders, but perhaps a colleague would have noticed irregular behavior or irregular access to information.
  5. Perform Periodic Audits – In this case, you’re looking for high-risk behaviors. Are there documentation errors? Is an employee accessing a patient record they don’t have authorization to access? Is there irregular behavior observed in the system?

Even with the best protections in place, thefts can still happen, but by being proactive you can better protect your company/practice and the information entrusted to you.
