Identity Theft in Health Care Facilities Faith Mondry, J.D. United States Postal Inspector.
-
Upload
kristian-kennedy -
Category
Documents
-
view
212 -
download
0
Transcript of Identity Theft in Health Care Facilities Faith Mondry, J.D. United States Postal Inspector.
Identity Theft in Health Care Facilities
Faith Mondry, J.D.
United States Postal Inspector
TYPES OF ID THEFT
• Theft of patient identifiers by employee
• Theft of patient identifiers by non-employee
• Theft of employee information
• Theft of “paper” records, HR and/or medical
• Theft of digitized records, HR and/or medical
Ripped from the headlines:“Identity Theft Reported by 33%
of Healthcare Organizations”InformationWeek, November 9, 2010 article ID 228200516
• Theft of patient identifiers by an employee or contractor
• “Operation Quick Change”• U.S. Postal Inspection Service
Case, reported 3/25/2010, Chicago Tribune, janitorial employee alleged to have stolen patient identifiers out of files at night while she was cleaning medical offices
Ripped from the headlines: “Former Holy Cross Hospital employee pleads guilty to ID
theft”-Sun Sentinel, 1/26/2011
Fort Lauderdale, FL ER clerk alleged to have sold patient identifiers for cash
Can this type of theft be prevented?
• Best practices for pre-employment screening…do the most thorough background check available to your facility!
• Ask contractors to do the same• Ensure that all personal identifiers are
handled on a “need to see” basis• Ensure that all personal identifiers are
properly secured
• Theft or misuse of identifiers by non-employee
• How many stolen laptops do we need to read about before we get the point???
Ripped from the headlines:
“Stolen laptop contained Sebastopol substance abuse
patient information”
-www.pressdemocrat.com/article 20110114, January 14, 2011-physician’s laptop was stolen at a New York hotel
Can this type of theft be prevented?
• Restrict patient information and access devices leaving the facility
• Ensure that any information leaving the facility is encrypted and password protected
• Ensure that a policy is in place- and that employees are trained to follow it- when sensitive information goes on the road
Classic “medical identity theft”
• Patients use another identity to obtain medical services
• Fraudulent medical records lead to fraudulent billing to insurance companies
• consequences when drug allergies or interactions are under the radar with false patient identities
Ripped from the headlines:“ID theft at the doctor’s office”
-New Beauty Magazine, March 26, 2009
The “Big-Bust Bandit” in Orange County, CA used another woman’s identity to undergo liposuction and breast
augmentation at the Pacific Center for Plastic Surgery
Where do you keep personal identifier information?
• Digitized files on desktops and laptops– Who has access? Where are the computers
located? Is the area secure from non-critical viewing and usage?
– What about after hours?
Where do you keep personal identifier information?
• Paper files should be secured…even during the day when offices are occupied– File cabinets where information is stored
should be outside of public/non-critical viewing areas and should have restricted access when practical
How well does your physical layout protect you from identity
thieves?
Where do you place your incoming and outgoing mail?
• Postal Inspector…I have to ask.
What do you do when a breach occurrs?
• If an employee is the identity thief…REPORT IT TO LAW ENFORCEMENT and follow institution’s protocol for victim notification
• If a non-employee is the identity thief…REPORT IT TO LAW ENFORCEMENT and follow institution’s protocol for victim notification
Privacy Issues
• Legal issues regarding disclosure to law enforcement
• Risk of fraud/ID theft and continued victimization vs. legal requirements to protect patient privacy
• Crime on premises
Whom do you report it to?
• State and local law enforcement
• Federal law enforcement
• Depends upon the nature/scope of the crime
QUESTIONS???