Tuesday, March 31, 2015

Medical identity theft - fastest growing indentity crime in the U.S.

A NAHAM member found this article for us on bizjournals.com: Medical identity theft is fastest-growing identity crime in the U.S.

You may find the article here:

Medical identity theft has impacted over 2.3 million Americans. The ramp up in this type of identity theft makes it the fastest growing identity crime in the U.S.  The authors make note of the recent Anthem data breach and conclude that one in three Missourians are impacted by medical identity theft.
In February, Anthem, the nation’s second-largest health insurer, announced that its systems had been the target of a sophisticated external cyber-attack. This attack, one of the largest data breaches in U.S. history, impacted one in three Missourians, according to state officials. Since the breach involved health insurance information as well as Social Security numbers, the affected individuals are at true risk of medical identity theft.

 The two most common forms of medical identity theft?

The two most common include an individual posing as someone else in order to secure medical goods, prescriptions or services; or an individual billing someone else’s insurance, Medicare or Medicaid without their knowledge.
As with other types of identity theft, the victim often doesn't realize what has happened. But the risks associated with healthcare can be significant.
The affected person does not realize fraudulent activity has occurred. Electronic health records could be fraudulently changed, meaning anything from incorrect allergies to preexisting conditions. This could lead to a future misdiagnosis or inappropriate medical treatment.

Healthcare providers should take note.  There is a patient expectation that providers are proactive in guarding against identity theft.

Health care providers without effective security measures should take note: 48 percent of consumers said they would consider changing health care providers if their medical records were lost or stolen, according to the Ponemon Institute’s Fifth Annual Study on Medical Identity Theft. Consumers expect health care providers to be proactive in preventing and detecting medical identity theft. Forty percent say that if a breach occurs, it is important to receive immediate notification by the organization responsible for protecting their health care information.

So what is a provider to do?
While medical identity theft is most harmful to a consumer, organizations that handle personal health information (PHI) can suffer costly legal ramifications as well as a tarnished brand if they are the source of the data breach. To be less susceptible to these and other liabilities, cyberattack prevention and cyber insurance plans should be in place. While there are several components that make up an effective cybersecurity strategy, the following can be the key lines of defense against an attack or when facing ramifications:

Encryption — Data at rest and data in motion should be encrypted to at least the levels recommended by HIPAA legislation. This will help minimize the risk that data is compromised.

Data leak prevention (DLP) — Also known as data loss prevention, DLP is a data security technology that monitors data in use, in motion and at rest in order to detect potential data breaches in a timely manner and prevent them. A DLP system configured properly handles careless data leaks by internal sources as well as intentional data theft by external hackers or malware.

Cyber insurance — Organizations that store or transmit personally identifiable information (PII) should review the insurance options for cyber protection. A variety of insurance policies cover things like the cost of fines, notification that PII has been compromised, liability and business interruption. Cyber policies vary greatly and an independent insurance consultant can help review the best coverage option.

Do you have any best practices or policies to share?  Please let us know.

Hospital Efforts to Improve Patient Satisfaction

Kaiser Health News reported earlier this month on hospital efforts to improve patient satisfaction.  See the report Hundreds Of Hospitals Struggle To Improve Patient Satisfaction, which also had a 4 minute air on National Public Radio.

The report notes the growing importance of patient satisfaction surveys, driving in large part by the prospects of pay levels from Medicare and some private insurers.

Since Medicare began requiring hospitals to collect information about patient satisfaction and report it to the government in 2007, these patient surveys have grown in influence.  For the past three years, the federal government has considered survey results when setting pay levels for hospitals. Some private insurers do as well.

Read the article in full and search for hospital patient satisfaction survey results.

Hospitals randomly survey former patients to learn about the quality of their stays. These surveys are collected and information from them is published by the U.S. Centers for Medicare & Medicaid Services, which also uses the results when setting Medicare pay rates.

Follow the link to the article above and use the imbedded tool to see how patients rated hospitals across the country on 11 topics and how each hospital compares with state and national averages. These scores reflect responses from patients who were discharged between January 2013 and December 2013. They include responses from adult patients and are not restricted to those on Medicare.