Page 1

How  to  Protect  Your  Healthcare  Facility  From  Medical  Identity  Theft     Albany  Medical  Center  was  working   hard  to  take  care  of  its  patients  and   bring  a  higher  level  of  healthcare  to   the  community.  According  to  most   patients,  the  facility  was  doing  a   good  job  of  it.       Unfortunately,  the  medical  center’s   reputation  was  recently  damaged   when  one  of  its  own  nurses  was   caught  stealing  patient  identities.   With  the  help  of  her  boyfriend,  a   nurse  stole  over  50  patient   identities  and  applied  for  hundreds   of  credit  cards  in  their  names.  The   two  identity  thieves  were   eventually  caught  red-­‐handed  with   a  collection  of  patients’  names,  home  addresses,  Social  Security  numbers,  credit  cards,  and   gift  cards.         Sadly,  this  is  just  one  of  numerous  cases  in  which  nurses  swiped  patient  identities  for   personal  financial  gain.  As  a  medical  facility  or  administrator,  it’s  your  duty  to  protect  your   patients  from  identity  theft.  After  all,  more  importantly  than  harming  your  reputation  as  a   trusted  healthcare  provider,  medical  identity  theft  puts  your  patients’  lives  at  risk.  Here’s  how   to  safeguard  your  facility.       Be  Strict  About  Hiring   Implement  well-­‐defined  hiring  practices  to  weed  out  potential  threats.  For  example,  run   extensive  background  checks  on  each  applicant  to  make  sure  there  is  no  history  of  criminal   activity  or  association  with  criminals.  Also,  only  hire  personnel  that  can  show  their   qualifications  and  have  a  long  list  of  references—references  you  actually  check  up  on  as  well.   Reference  checks  are  important  for  every  position,  but  especially  for  the  nurses  who  will  have   regular  interaction  with  patients  and  their  private  information.    

Stick  to  Regulations   Your  patients  are  at  risk  every  time  employees  don’t  explicitly  follow  established  protocols   and  federal  privacy  regulations.  This,  of  course,  includes  adhering  to  the  rules  governing   protected  health  information  under  HIPAA.  Patient  records  are  a  goldmine  for  identity   thieves.  They  contain  all  of  the  information  they  need  to  easily  commit  medical  identity   theft—names,  addresses,  birthdates,  and  Social  Security  numbers.  Patient  files  may  even   include  credit  card  information  for  billing  purposes.  Make  sure  you  follow  all  of  HIPAA’s  strict   guidelines  for  how  patient  information  should  be  handled  to  reduce  the  likelihood  of  that   data  falling  into  the  wrong  hands.       Implement  Control  Systems   Set  up  control  systems  to  eliminate  opportunities  for  medical  identity  theft  to  occur  at  your   facility.  This  includes  considering  both  human  and  electronic  security  measures.  Create  an   extensive  set  of  policies  and  procedures  that  safeguard  patients’  personal  information:       • Hire  an  identity  theft  protection  company  that  specializes  in  not  only  preventing   medical  identity  theft  from  happening  in  the  first  place,  but  also  recovering  patient   identities  after  they’re  stolen.   • Develop  a  secure  IT  network  that  only  allows  authorized  users  to  access  patient   records.  Require  complex  passwords  to  login  to  the  network,  and  only  share  them  with   those  employees  who  need  access.   • Configure  computer  systems  containing  patient  records  to  automatically  logout  a  user   when  a  workstation  is  unattended.   • Add  security  screens  to  computers  in  public  areas.   • Hold  all  members  of  your  staff  accountable  for  complying  with  HIPAA  laws.   • Require  staff  to  participate  in  annual  competency  training  to  keep  their  patient  privacy   skills  up-­‐to-­‐date.   • Never  leave  patient  records  unattended  in  unsecured  areas.   • Regularly  shred  and  securely  dispose  of  printed  patient  records.   • Audit  your  system  regularly  to  see  which  records  have  been  accessed  and  by  whom.  If   you  notice  patient  records  have  been  accessed  after  hours  or  have  been  accessed   repeatedly,  call  those  employees  in  to  question.     • If  resources  allow  for  it,  hire  a  full-­‐time  privacy  and  security  officer  responsible  for   monitoring,  tracking,  and  protecting  patient  privacy.      

Prevent  Medical  Identity  Theft   If  your  system  is  breached  and  patient  identities  are  stolen,  hire  a  professional  identity  theft   investigator  to  run  the  investigation.  They  stay  current  on  all  of  the  latest  medical  identity   theft  methods,  and  use  techniques  to  quickly  find  the  identity  thieves.  The  last  thing  you  want   to  do  is  let  the  identity  theft  drag  on,  putting  more  patients  in  harm’s  way.     Ultimately,  as  a  reputable  medical  facility,  you  have  a  responsibility  to  keep  your  patients’   identities  under  lock  and  key.  Failure  to  do  so  not  only  threatens  patients’  health  and   finances.  Identity  theft  also  has  far-­‐reaching  legal  and  financial  implications  that  can  put  you   out  of  business.     Don’t  let  identity  thieves—whether  employees  or  people  outside  the  organization—wreak   havoc  in  your  medical  facility.  Visit  for  more  tips  and  to  learn   how  to  set  up  a  medical  identity  theft  protection  plan  for  your  business.    

How to Protect Your Healthcare Facility From Medical Identity Theft  

Is one of your nurses an identity thief? Set up an identity theft protection plan to safeguard your patients and your facility from medical...

Read more
Read more
Similar to
Popular now
Just for you