The Rise Of Medical Identity Theft In Healthcare


K.S. Bhaskar

May 2, 2014, 9:24:51 PM
to hard...@googlegroups.com
http://www.kaiserhealthnews.org/stories/2014/february/07/rise-of-indentity-theft.aspx confirms something that I suspected - medical identity theft is easier and more pernicious than identity theft in banking / finance.  Some violations are egregious.  A stupid MetLife dental plan, for example, requires the patient's social security number for a provider to submit a claim electronically, and they claim their IT systems are secure.  OK, even if I buy the security of their IT systems, how about the not-so-sophisticated-with-IT receptionist who has a patient's SSN written down on a PostIt note?

For anyone who is not serious about IT security in healthcare, it's time to wake up.

Regards
-- Bhaskar

K.S. Bhaskar

May 2, 2014, 9:26:58 PM
to hard...@googlegroups.com
And it's not just hospital IT systems.  For example, see http://www.wired.com/2014/04/hospital-equipment-vulnerable/

Regards
-- Bhaskar

Kevin Toppenberg

May 3, 2014, 9:36:01 AM
to hard...@googlegroups.com
That was a frightening article!

Thanks
Kevin

Nancy Anthracite

May 3, 2014, 10:14:07 AM
to hard...@googlegroups.com, Kevin Toppenberg
Recurrent Soap box warning:

This statement in the article is what makes HIPAA virtually useless.
Entities use it to get away with just about anything they want to based on
this. In fact, I am sure that it is the basis on which HHS determined it was
its right to get quality measure data that included drug and alcohol
dependence patient specific information on those 13 and over and depression
information on those 12 and over among a myriad of other bits of information
they can gather, like your BMI and whether you smoke, by getting QRDA I
reports from your Meaningful Use certified EHR.

"The HIPAA law includes exceptions that allow a provider to share medical
information without a patient’s permission. A common example is when hospital
business offices share information for the purpose of seeking payment. But there
are also exceptions for “public health activities,” “health oversight
activities,” “law enforcement purposes,” and other purposes. No wonder, Pyles
said, some patients are reluctant to disclose to a medical provider that they
have a sexually transmitted disease or a mental illness unless they have to."

This also discusses what I mentioned about patient portals. Hospitals and
providers are required to put one up, but look what they are subject to if
they are hacked, all courtesy of HHS.

"HHS can impose a civil fine of between $100 and $50,000 for each failure of a
business, institution or provider to meet privacy standards, up to a maximum
of $1.5 million per year."

"Under the HITECH law, a medical provider, health plan or medical institution
must notify patients when a breach of their medical records is discovered. HHS
must also be contacted. HHS discloses breaches involving 500 or more
patients."

--
Nancy Anthracite


OldMster

May 3, 2014, 4:17:24 PM
to hard...@googlegroups.com, Kevin Toppenberg, nanth...@earthlink.net
Yes, why do you think the government was so happy to spend money on meaningful use incentives?  They'll get it back 100-fold in the future in fines levied for privacy breaches......
Mark