Managed File Transfer: Preventing Healthcare Identity Theft

17 06 2010

In a recent report by the Smart Card Alliance entitled, “Medical Identity Theft in Healthcare,” the study sites that, “Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services budget.” In 2009 alone, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk according to the Identity Theft and Resource Center (ITRC).

Paper records are no longer acceptable for your organization.

The American Recovery and Reinvestment Act (ARRA) and the associated provisions under the Health Information Technology  for Economic and Clinical Health (HITECH),  have highlighted the need to address security and privacy across our healthcare system.

The report goes on to state that “the way to stop medical identity theft confusion is to improve patient identification and provide enhanced data production through strong authentication and encryption.” How can a healthcare organization achieve this? B2B Managed File Transfer. Protection of patient information does not happen just inside the four walls of your organization. Think of the providers, health record banks, health insurance and hospital Web portals.

The key is two-factor authentication and data encryption. Are you employing these security methodologies at your organization?


Does a Visit to the Optometrist Put Me at Risk?

22 03 2010

Recently, I was at the optometrist for my annual eye exam. I was  greatly surprised that all of their patient information was currently in manila file folders with some sort of coding system. At one point in the paper work, I was asked to include my Social Security number for insurance purposes. I looked up at the receptionist and asked if this was really necessary.

“Do I need to enter that information? I can tell you, but I don’t want it printed in my file.”

She had no problem with it, but it made me wonder what other PHI (personal health information) and confidential information about myself, I had filled out at a doctor’s office over the years. Even for a simple visit for new contacts, I was asked many questions about my physical health and family history. I started to wonder how this particular office keeps the information protected.

This image does not make me think my PHI is secure.

My Personal Health Information (PHI) was in a file behind the reception desk. While I know they need certain information for insurance reasons, how do they keep this secure? If I had written down my SS number, who had access to it? My first thought was identity theft.

While I know EMR (electronic medical records) and solutions that help transfer these records securely are on the rise, I had to ask myself why my optometrist was so behind the times. Why can’t they send my information to my insurance company electronically? It would be more simple, make me feel more secure and increase their overall customer satisfaction. Moreover, they would comply with new HITECH and HIPAA mandates.

The next time I am at a doctor’s office, I will be much more aware of how they store they PHI.