By Jack Anderson
March 6, 2015
Medical Identity Theft up 21.7% (http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft). This makes even small clinics and practices targets if they are not HIPAA compliant.
I have had friends say that they aren’t worried about someone stealing their medical record because the information is not useful to anyone else. Au contraire, mon ami! In fact, your medical record contains all the information needed to steal your medical identity. They then say, “But what would they do with it?” Typically the hacker or insider (like the underpaid receptionist in your doctor’s office) would sell a package of medical records to a third party. There have been criminal convictions of insiders doing exactly this!
What does this third party do with the information? They can use it to order drugs or medical treatment, which will be charged to your account, or they can sell it to someone else who will use it to their benefit. The financial gain works like this: the hacker or insider typically gets about $100 for the record. The third party charges $1,000 to the end user. As you know from experience, it is not difficult to run up a six-figure hospital bill.
This puts a clinic or practice with thousands of patients in the crosshairs of the bad guys. The next set of bad guys are the lawyers who file class action lawsuits. The courts have established that HIPAA compliance is a standard of care (see my last blog), so if the breach happens and it is shown that you were not HIPAA compliant, you could be a target for a class action lawsuit. Typically they ask for $1,000 per medical record breached and settle for something less if they don’t have to go to court.
Having policies and procedures in place that meet the HIPAA standards, doing periodic risk assessments, training your staff, and most importantly documenting these efforts will help build a “legal firewall” around your company.
The stakes have gone up at the same time as the costs of HIPAA compliance have gone down. For more information, contact me at jack@compliancehelper.com or go to our website at www.compliancehelper.com.