Tips to Prevent Medical Theft from Hurting Your Health
There has been a lot of attention surrounding Target and their run in with identity thieves. During the 2013 holiday season, the number three retailers reported that hackers stole sensitive information from 70 million customers--including their full names, telephone numbers, and email and mailing addresses.
That's a massive security breach that's causing the retail giant huge issues, and identity theft causes consumers financial and legal problems that can linger for months, years--or even decades in some cases. However, that pales in comparison to when your medical records are stolen, and that's not just a hindrance to your financial reputation, it's dangerous, too. Incidences of it are increasing, also, with recent statistics indicating that 43% of identity theft in the United States being of the medical type. There are systems that can help prevent it, though, that your healthcare provider can use--such as Health Information Technology (HIT) in a population health management system.
This type of secure system provides the means to store, update and back up your sensitive electronic medical records. It also allows integrated record keeping used in provider networks that participate to you than manual record-keeping systems, additionally allows for better data backups and the prevention of security breaches by hackers. And it's critical to your well-being that an identity thief doesn't gain access to your medical records and pretend to be you. For instance, consider you have a severe drug allergy and are taken to the emergency room--you may even be unconscious when you're taken there. If someone used your identity to get free medical care previously, they may have updated your medical records to say that you don't have any drug allergies. Your doctor may treat you with a drug medication you're severely allergic to--not knowing anything different. You could suffer an extremely bad allergic reaction as a result.
Why Identity Thieves Want Your Medical Records
You may wonder who in their right mind would want your medical history. The answer to that question is someone with no health insurance or ethics. They want your medical information badly--then they can use your information to get expensive surgery or prescription drugs and leave you with the bill and all the unpleasant fallout from their illegal actions.
Many people have fallen victim to having their medical identity assumed, and they often find out that their medical identity has been stolen the hard way. They could find out after digging deeper after being accused of a crime they didn't commit, or after receiving notice from their bank, or even after viewing a suspicious credit report. Some even find out after they receive medical bills from hospitals after the thieves rack up thousands of dollars worth of charges in their name.
Victims that have had their medical identity hijacked can often find it challenging to clear up false medical claims and repair the changes to their medical records. The damage can be overwhelming, such as credit that's damaged for years, thousands of dollars of medical charges, and perhaps the worst part of it, dangerous and inaccurate medical information in their records that could have adverse effects on their health.
Electronic Records Help Prevent Medical Identity Theft
Electronic record keeping within a healthcare provider's office can make a patient's medical record more secure and avoid medical identity theft. HIT systems can block unauthorized viewers and keep track of when and by whom a record was viewed. An electronic health record (EHR) is data collected in a healthcare provider's office and provides an electronic comprehensive patient history. It is constructed to share and contain information from all healthcare practitioners that are involved in a patient's care. Its flow of information within a digital health care infrastructure leverages digital progress and changes the way healthcare is delivered After listening to public concern about the security of electronic information, congressional leaders with the support of Microsoft and several privacy groups introduced HIPAA Security Rule that boosted safeguards that protected access to a patient's medical information. Targeted legislation within it strengthened patient privacy and security of EHRs. HIPPA is a federal law, and it requires that your healthcare providers and hospitals formally notify you if your health information has been breached. This method lets a patient know if someone broke into their protected information and establishes accountability measures for your provider. Safety measures that should be built into an EHR systems should include
Access controls that limit access to your medical information, such as PIN numbers and passwords.
High level encryption of your stored medical information that disallows access by ensuring that your health information can't be understood or read by unauthorized people who could decrypt it by using a special key>Audit trails that record information about who accessed your medical information and what and when changes were made.
Take Control of Your Healthcare Security
One of the greatest advances in modern healthcare today is how HIT works in a population management system. This network of connected healthcare IT facilitates communications between everyone involved in the patient's care--and the patient plays an active role in their care. It is vital that this electronic health information used in the care system has robust secure messaging features to avoid medical identity theft.
Since a big part of the integrated population management system is the concept that patients are empowered and involved in their care, there are questions they can ask to make sure that their electronic health records stay secure. These are a few examples of questions a patient can ask to determine if their healthcare provider is implementing measures to keep medical records safe from identity thieves.
Are you using electronic health records instead of hard copies to record my medical information?
What HIPAA-compliant encryption method do you use to send and receive electronic interchange of my medical data?
How do you contact me if there has been a security breach, and my medical records have been viewed by someone that isn't authorized?
Are you using a cloud-based EHR system instead of a client-server system to store my electronic records?
That last key point hasn't been discussed yet, but it is important because cloud-based EHR systems deliver better security safeguards than client-server systems. They achieve a compliance to HIPAA because they have data centers that have bank-level securities and effective high-level encryption methods that make data unreadable if a security breach happens. A client-server system is usually left unencrypted and is only as secure as the room they are stored in.
Secure communication with everyone involved in a patient’s treatment is an essential component of today’s approach to healthcare, and a successful future of it is dependent upon engaging patients and educating them to play an active role in their chronic disease management and preventive care. As they and their providers begin accessing personal online space to view and use their healthcare information, it becomes more and more important that these electronic heath records stay secure with HIPAA-compliant encryption methods. Providers that aren't using this type of HIT system to keep medical records secure can be leaving their patients open to medical identity theft.
Holly Chavez and Jade Rich are the authors of this article. Holly is a freelance author and multidisciplinary writer who often contributes to medical and health and wellness blogs and forums. Her daughter, Jade, is a licensed practical nurse who works in an assisted living facility that has experience with electronic health records and has worked in doctor's offices that had population health management system IT and electronic medical records.
All user-generated information on this site is the opinion of its author only and is not a substitute for medical advice or treatment for any medical conditions. Members and guests are responsible for their own posts and the potential consequences of those posts detailed in our Terms of Service.