ID Theft Checkup: 4 Ways Medical Organizations Can Better Protect Patient Data
January 14, 2020
2019 was the worst year in history for healthcare data breaches. Almost 32 million patient records were breached during the first half of 2019 – more than double the number of records breached over the entire 2018 calendar year, according to the Protenus Breach Barometer. Many high-profile organizations such as American Medical Collection Agency fell victim to nefarious attacks.
Criminals are getting through cracks in organizations’ cyber defenses to steal patient data and profit from vulnerable health systems. Why? According to a study published in Annals of Internal Medicine, over 70 percent of hospital medical record breaches compromise sensitive patient information such credit card numbers, social security numbers and birth dates.
This increases the risk of identity theft, as hackers are purportedly willing to pay ten times more for medical information than a credit card number on the black market. Hackers use medical records to solve security questions that are otherwise difficult to answer, gain access to insurance benefits, or even illegally receive prescription drugs.
Healthcare organizations must take preventative steps to better protect patient data and avoid becoming the next front-page headline (and receive a costly HIPAA violation fine!).
Adopt Identity Safeguards
Healthcare providers should take a page from the Know Your Customer (KYC) regulations adopted by the financial services industry. This practice verifies that the customer is who he or she claims to be, confirms that they’re not on any prohibited watch lists, and assesses their general risk factors.
This practice affords medical offices, clinics, hospitals and pharmacies with the ability to approve or deny customer onboarding and online transactions. Once the account is approved, the organization can use identity verification technology to simply compare a current photo against the one captured during onboarding to authenticate the patient.
Protect Access to Medical Records
To avoid HIPAA violations, it is important for the organization to ensure it’s giving the right patient access to their own data. According to HIPAA Journal’s November 2019 Healthcare Data Breach Report, there were three financial penalties imposed on HIPAA-covered entities totaling nearly 7 million dollars to resolve HIPAA violations.
Secure log-in monitoring and device intelligence can help confirm that the person trying to log in is who they say they are.
Educate Staff on Security Threats and Warning Signs
Many breaches are not malicious – they can be filed under “human error.” A current and comprehensive employee training program can better prepare healthcare providers against continually evolving cybersecurity threats. This is especially true for employees within smaller organizations, where there are fewer resources and IT staff is often tasked with managing multiple roles.
Workforce training and management is a requirement for all covered entities under the HIPAA Security Rule. A covered entity must train all workforce members regarding its security policies and procedures and must have and apply appropriate sanctions against workforce members who violate its policies and procedures.
Automate Patient Portal Enrollment
Customer onboarding is a tedious process. The manual input of forms can result in incorrect personally identifiable information (PII) being entered into patient records. Using an automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.
Acuant MedicScan® provides automated data and image intake of IDs and medical insurance cards. IDs and insurance cards are scanned to directly auto-populate patient PMS/EMR/EHR application in seconds. Acuant AssureID® provides instant and seamless identity verification to know who your patient is and if they are who they say they are- all in the same step as Acuant MedicScan. Products can be layered or engaged alone.