Identity Theft, Data Breaches and Non-Compliance with Government Regulations Are a Growing Epidemic in Healthcare
I am traveling to the InSight 2009 Annual Conference in Orlando this week to meet with scores of healthcare organizations struggling in the face of a growing epidemic of issues related to medical identity theft. In preparation, I have given a great deal of thought to what hospitals can and must do to protect themselves and their patients.
First, let’s examine the challenges that hospitals and health providers are dealing with:
Medical Identity Theft Is Growing:
- Medical identity theft increased 300% between 2007 and 2008
- 85% of healthcare providers experienced a data breach in 2008
Patients Are Unhappy:
- 40% of consumers change their relationship with affected businesses
Regulation Is Getting More Complex:
- In 45 states, not reporting a data breach is illegal
- Enforcement of the FTC’s Red Flags Rule begins November 1, 2009
- New HHS guidelines require patient notification of data breaches
Costs Are Soaring:
- Data breaches cost an average of $202 per record lost
- The average hospital will spend 450 hours a year meeting Red Flag compliance requirements
- FTC Red Flag fines can be up to $2,500 per incident and up to $11,000 per day per organization
The Diagnosis: Left untreated, healthcare organizations will remain in critical condition. Hospitals must come to grips with identity theft, data breaches and compliance in order to lower their financial and legal exposure, maintain patient loyalty and protect their reputations with regulators, the media and the public.
The Treatment Plan: Hospitals must be proactive. Simple, cost-effective steps can be taken that will dramatically improve the chances of avoiding harm.
- Build a data breach-free environment. This goes beyond the “security technology only” approach by addressing the human part of the equation – introducing proper training and policies that will vastly decrease the chances of information breaches and medical identity theft.
- Proactive data breach planning. As the adage goes, “those who fail to plan, plan to fail.” Proper pre-event planning can save time, limit damage, and instill confidence and trust in those impacted by breaches.
- Take compliance seriously. Federal and state lawmakers, plaintiff attorneys, business partners, investors, donors, the media (not to mention patients) will all take action against institutions that do not abide by the regulations that are in place – or will soon be in place – involving identity theft and data breaches. With the right systems in place, compliance is not hard or costly.
For more information on how hospitals can address these issues, visit www.identityforce.com/Health or e-mail me at sbearak@identityforce.com.
For anyone traveling to InSight 2009, please feel free to stop by the Identity Force booth to say hello, and be sure to attend our presentation with RelayHealth “Red Flags Rules: What You Need to Know” on Friday, September 11th at 9:30 a.m. in Tallahassee 3.
