By Jack Anderson
March 30, 2015
We worry about catching something like the flu or pneumonia during a visit to our physician, clinic, or hospital, but medical identity theft would be an even more serious iatrogenic condition. If your provider is not HIPAA compliant, they raise the chances of a data breach that could expose your patient medical record to theft by outsiders such as hackers or insiders such as staff. Patient medical records have high value on the black market, which has raised concerns about privacy and security in physician offices, clinics, and hospitals.
To compound the problem, healthcare entities share your data with many other companies. Insurance companies, billing companies, software companies, laboratories, and many others access, maintain, store, and transfer these records. Many of the companies in the pipeline are unaware of their HIPAA responsibilities to protect these records. Recent episodes have documented companies throwing paper records in public dumpsters, storing them in unsecured warehouses, leaving them unsecured on laptops that have been lost or stolen, leaving them accessible to the public on the Internet, and allowing hackers to steal millions of electronic records.
Despite the claims of some vendors, there is no certification process for healthcare organizations that is authorized by Health and Human Services. So if you see a HIPAA certificate, beware. One good test is whether the organization has had a recent risk assessment that meets the NIST (National Institute of Standards and Technology) standards. Another is whether it displays the Compliance Meter from Compliance Helper. The meter displays the results of documented compliance activities and documented policies and procedures.
HIPAAssure® and the Compliance Meter provide assurance that the company is compliant on an ongoing basis. For more information or a demonstration, contact jack@complianchelper.com or go to the website at www.compliancehelper.com.