TECHNOLOGY 93
their income; sometimes it’s organized crime setting up a fraudulent payment processor and submitting all sorts of equipment and false charges. And sometimes it’s an individual trying to get access to healthcare, or reselling somebody else’s health insurance ID to people who don’t have health insurance, so they can get treatment. “Th is is a newer, growing form of identity theft where the exploitation isn’t about money; it’s about using the healthcare system to either drive money or goods or services. “People don’t always think about this form of crime, and the information needed to be able to perpetrate it is a little bit different than with credit cards. People know credit card and Social Security numbers and bank account numbers are sensitive, but they don’t always realize that their health insurance ID, a doctor’s DEA number, or other information that routinely shows up in healthcare and elsewhere should be considered sensitive and protected, because increasingly it is being exploited.”
Inside information It’s obvious then, that fi les containing a patient’s health information must be protected whenever they leave their place of origin. Unfortunately, though, it’s not always that simple; Koenig says that increasingly such crimes are perpetrated by knowledgeable insiders. “Providers or hospitals or insurance companies may fi nd themselves in a situation where organized crime has recruited one of their employees,” he explains. “In hospitals, often it’s someone in admissions and enrollment – or in the bill collection, janitorial or computer programming staff – people who have access to the information and sometimes computer access codes, or physical keys and access badges to rooms that may have records, where that information may be at risk. “Another example could be a doctor with shared office space who borrows their neighbor’s patients’ ID numbers in submitting false claims to heighten their income. Or an administrator in the office could take all the health insurance IDs and sell them to organized crime so they can resell them to people without access to healthcare, or to get prescription drugs. When they submit those claims for equipment and prescription drugs sometimes they’ll make up a fraudulent provider. “It’s still a less frequent crime than more general identity theft, but it is growing, and politicians and advocacy groups are concerned that it will increase with the acceleration of the movement of health information through electronic records and health information exchanges and other avenues.” This doesn’t mean, however, that the advent of EHR will make our health information less secure. What it does mean, according to Koenig, is that access must be carefully controlled. “Health records are designed to allow every healthcare professional involved in the course of treatment to see a full continuum of information for each patient, to improve the quality of care. “On the positive side, let’s say you had cancer or another serious disease. Having your doctor’s reports and visits, your laboratory blood work and results, your x-rays and your notes from the cancer care treatment center as well as the hospital, all within one electronic health record will improve the quality of your care, and will also help the health insurance company analyze the course of treatment. “On the negative side, if the right access controls aren’t designed in the systems, or the right contractual rights included in the contracts, that information could be viewable by a wide range of people who don’t necessarily need to see it. “Also, if the right controls and restrictions aren’t put in there, you could have people looking at historical data that are not important. Does your dentist need to see that you had cosmetic surgery 30 years ago? There aren’t rules around it and frankly there aren’t defined contractual restrictions.”
Koenig_TECHNO.indd 93
10/11/2010 15:40