I am traveling to the InSight 2009 Annual Conference in Orlando this week to meet with scores of healthcare organizations struggling in the face of a growing epidemic of issues related to medical identity theft. In preparation, I have given a great deal of thought to what hospitals can and must do to protect themselves and their patients.
First, let’s examine the challenges that hospitals and health providers are dealing with:
Medical Identity Theft Is Growing:
- Medical identity theft increased 300% between 2007 and 2008
- 85% of healthcare providers experienced a data breach in 2008
Patients Are Unhappy:
- 40% of consumers change their relationship with affected businesses
Regulation Is Getting More Complex:
- In 45 states, failing to report a data breach is illegal
- Enforcement of the FTC’s Red Flags Rule begins November 1, 2009
- New HHS guidelines require patient notification of data breaches
Costs Are Soaring:
- Data breaches cost an average of $202 per record lost
- The average hospital will spend 450 hours a year meeting Red Flag compliance requirements
- FTC Red Flag fines can be up to $2,500 per incident and up to $11,000 per day per organization
The Diagnosis: Left untreated, healthcare organizations will remain in critical condition. Hospitals must come to grips with identity theft, data breaches and compliance in order to lower their financial and legal exposure, maintain patient loyalty and protect their reputations with regulators, the media and the public.
The Treatment Plan: Hospitals must be proactive. Simple, cost-effective steps can be taken that will dramatically improve the chances of avoiding harm.
- Build a data breach-free environment.

