Identity theft is growing at an alarming rate. According to Business Week, patient medical records earn more money than resumes on the black or underground market. Health care practitioners must implement multiple methods to prevent identity theft. Patient records, including lab results, charts, reports, and prescriptions, must remain secure, confidential, and unavailable to unauthorized staff.
- Medical identity theft occurs when a third party obtains health care services or generates fake invoices to receive insurance payment using an unsuspecting person's identity. Hospitals cannot deny emergency medical services based on patients' inability to pay. While clinics and hospitals usually ask for patient identification, scam artists easily can create fraudulent identification and bypass lax security measures. Victims typically uncover the identity theft when they receive notices from collection agencies. However, it can take several years to clear up the damage, which usually involves disputing and correcting personal credit reports.
- The Health Insurance Portability and Accountability Act (HIPAA) is a federal law established in 1996 to improve health care practices by regulating medical data security. The Health Information Technology for Economic and Clinical Health (HITECH) Act represents another federal law that addresses patient records. Many states have enacted guidelines beyond federal regulations with the intention of further protecting patient records. For instance, New Hampshire requires practitioners to notify patients about any breach. If a physician knowingly fails to comply with regulations, most states impose disciplinary actions, which might include revoking or suspending the physician's license.
- Practitioners, such as doctors and dentists, must protect their patients' identity using different techniques. One essential tool involves hiring qualified, trustworthy employees, as employee theft compromises patient records. Address employee access by implementing controls so that the same person does not check patients in, ask for payment, and maintain records. Practitioners, especially those with computer-based record management systems, could audit patient record views. Common red flags include access to patient records after hours along with excessive views of celebrity or high-profile patients. Many insurance companies have programs that identify excessive claims that may or may not be suspicious.
评论