The act of obtaining and using someone’s personal identity without their consent is considered identity theft. Identity theft is not new and by no means limited to the healthcare industry. On the other hand, considering only the first two months of 2017, and based on the total number of data breaches reported, the healthcare industry boasted a grand total of 79 data breaches. In other words, 25.3% of all data breaches were in the healthcare industry. Not a significant number unless you consider that there were 740,000 records within these breaches and that the same accounted for 57.2% of the total records exposed in the first two months of 2017. Looking at it from another point of view:
- 1.5 Million Americans are victims of Identity theft every year
- Average Cost to restore Identity after medical identity theft $20,160
- 21% of medical identity theft didn’t discover the problem for two or more years after the incident
- Average settlement costs for healthcare facilities per incident $250,000
- Nearly half of the victims of healthcare identity theft lose their health coverage
Let’s be clear, medical identity theft is a criminal act. Medical Identity Theft is also considered a violation of HIPAA Privacy, HIPAA Security and a number of other laws and regulations. Yet the key consideration is what can we do about this problem? For beginners, we would recommend three basic actions:
- Make sure your HIPAA Security Officer and HIPAA Privacy Officer address this issue;
- Develop policies and procedures regarding this issue and ensure everyone’s knows about them and understands the same;
- Train everyone as it regards this issue.
Additional preventive actions include:
- Shield your keypad when entering passwords and logins;
- Do not respond to unsolicited requests for personal information;
- Install firewalls and virus detection in every device;
- Shred receipts and paperwork that may contain personal information;
- Create complex passwords.
The Federal Trade Commission also offers several resources and recommendations regarding identity theft which may be accessed by visiting their website at: https://www.consumer.ftc.gov/topics/identity-theft. You can also contact Taino Consultants Inc for professional guidance or EPI Compliance for assistance with policies, forms and training.
About Dr. Jose Delgado
Dr. Jose I. Delgado is the founder and CEO of Taino Consultants, a veteran-owned, 8(a) graduate healthcare IT consulting firm based in St. Augustine, Florida. With over 30 years of experience in healthcare compliance and government contracting, Dr. Delgado has helped organizations navigate HIPAA, MACRA/MIPS, and federal IT security requirements.
Need help with healthcare compliance?
Taino Consultants provides HIPAA compliance consulting, MACRA/MIPS compliance support, and healthcare IT modernization services for government and private healthcare organizations.
Schedule a consultation
