Dale Penn

Part 3 of 3

A Prescription to Prevent Prying Eyes

Your doctor’s office, clinic or hospital are clearly in the bulls-eye when it comes to being targeted by predatory identity thieves. Insurance company records are under attack as well. Many of the bad guys are on the outside trying to get in to databases and files, but unfortunately many culprits are on the inside and can’t resist the temptation to pry or steal.

Sadly, the market demand for our most private health-related information is quite high and therefore tempting for those inclined to take advantage of their to access to our most private health matters.

Privacy experts, attorneys and fraud investigators have their hands full battling fraud and theft on these fronts. As I mentioned a couple of posts ago, the FTC reported in a recent survey that 3 percent of U.S. identity crime victims (250,000 people) had some form of their personal information used to obtain either medical services or false insurance claims payments.

If your company is in the habit of searching for the best value in medical benefits for employees, there is a good chance that they will make a switch to a new provider for “better benefits”. While that could be good for the company’s bottom line, your medical history has now been replicated in a new place and “abandoned” in another. These realities of the health care landscape make vigilance a necessity.

The Washington Post reported earlier this month about a peer to peer data breach that involved the medical records of at least 1000 patients at Walter Reed Army Medical Center. In many cases, breaches are caused by the careless downloading of file sharing or peer to peer (P2P) software by careless employees at work.

Leading the way again, California passed legislation this year requiring notification when consumers’ medical information is “improperly accessed”. Only Arkansas has passed similar legislation and the topic is now being debated in Congress.

Here are 10 ways you can protect your medical history, your records and your health.

• Limit your authorization for release of medical records to anyone unless it is an absolute necessity.
• Inspect all your insurance statements for accuracy and the absence of any discrepancies.
• Put your shredder (cross cut) to work on any health or medical documents that you may discard.
• Ask for and inspect your medical records or statements for any benefits which may have been paid for under your name, but not received.
• Monitor your credit report for any collection notices filed by medical providers.
• While not always easy, make a serious attempt to correct any inaccuracies in your medical records.
• File a police report if your information is stolen.
• Read and digest the privacy statements of all your medical providers and request copies for your records.
• Remember that your medical records are just as vulnerable as other sensitive documents. Keep them out of reach and out of sight.
• According to the Identity Theft Resource Center, if you are a Medicare patient, you should make a photocopy of your Medicare card and carry a wallet sized version with only the last 4 digits of your Social Security number showing. The original should be locked away. The name and contact information of a trusted person should be included in your wallet. This medical contact person should have on hand the following information: the last 4 numbers of your SSN, your pertinent medical history, the name of your doctors and a list of all your medications. This tip could be a lifesaver.

Part II in a series

It would not be an exaggeration to say that medical identity theft could possibly kill you.

Research indicates that there may have been as many as 500,000 medical id thefts in just the last two years. Much of recent medical id theft has gone on undetected, which presents the real threat. We don’t even know we are victims…..yet.

Because this violation of our medical privacy can go on for years until it is discovered, the threat looms even larger for those who rarely seek medical services or advice. Sadly, these medical privacy breaches are not much of a priority for most health-care providers.

According to a recent Price Waterhouse Coopers report, the situation is not only dire in the United States, but around the world. Studies indicate that less than 50 percent of medical facilities even bother to encrypt your health data before transmitting or storing it electronically.

The opportunities for caregivers to misdiagnose a patient’s condition are drastically increased due to potentially false or inaccurate medical information being stored and shared in databases worldwide.

The recent disclosure that the medical files of George Clooney, Britney Spears and Maria Shriver were recently “snooped on” by curious hospital workers is a case in point. Just as most companies strive to prevent attacks and hacks from insiders, health-care providers are just waking up to the same stark reality.

We have become victims of not just the criminals, but victims of the curious. Marc Rotenberg, director of The Electronic Privacy Information Center agrees. “Now we’re moving into an era where many of those same problems occur with medical records.”

Next post, we’ll look at specific recommendations to help make and keep you a smaller medical identity theft target.