MDNews - South of Boston

+++++++++++++++++++++++++++++ +++ +++ +++++++++++++++++++++++++++++ BUSINESS OF MEDICINE + + PROTECT YOUR PRACTICE FROM THEFT STOLEN IDENTITIES CAN COST THOUSANDS OF DOLLARS — AND IRREPARABLY DAMAGE THE REPUTATION OF A BUSINESS; NONE MORE SO THAN A PHYSICIAN PRACTICE. A CCORDING TO THE Federal Trade Commission (FTC), medical identity theft accounted for 3% of identity theft crimes in the United States during 2009. Using personal information stolen from real patients, identity thieves can gain access to services or medications, often avoiding detection for years. These crimes have far-reaching implications for medical practices and consumers alike. Identity theft can result in lost revenue, class-action lawsuits and costly fines, but it also poses a significant danger for patients. When identity thieves successfully gain access to medical care, potentially life-threatening erroneous or falsifi ed entries may be made to existing medical records. These alterations can be diffi cult to detect and expensive to correct, and patients may remain unaware of a problem. For example, one woman was surprised when she received notifi cation from state social services that her children would be removed from her custody because her newborn baby had tested positive for methamphet- amines. She had not recently given birth, but her driver's license had been stolen years earlier and used to gain access to health care services. Preventing Stolen Identities To ensure patients receive the best care, physicians should take steps to secure patient information. Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is only the fi rst step toward protecting the identities of patients. In addition to federal and state laws, medical practices must also comply with the Gramm- Leach-Bliley Act and new Red Flag Rules established by the FTC. Because identity thieves often work with medical employ- ees to secure private information, thorough background checks on all offi ce staff should be standard. Institute policies and procedures that restrict access to such information, log access and audit frequently to ensure that no one accesses private information without permission. Fortunately, many tools exist to help medical practices detect fraud. The American Health Information Ma na gement As so c i a t ion (AHIMA) recommends that health care providers employ pattern-recognition technology that can find inconsistencies in digital records before they become expensive problems. HIPAA requires nonpublic personal information to be locked in secure storage or encrypted in digital form, so it follows that computerized patient data should be pro- tected as well. The AHIMA also recommends encrypt- ing patient information, restricting access to records and minimizing the use of patient Social Security numbers. Computer networks should be secured to ensure they are safe from outside intruders. Unnecessary documents should be discarded in a secure manner. Staff should be trained to detect potential inconsistencies in patient records, such as dates of birth. Require photo ID in your practice. Educate consumers by encouraging them to share their information only with trusted providers. Encourage them to make copies of their health care records and to monitor their annual summary of benefi ts for claims they did not receive. ■ MDNEWS.COM ■ MD NEWS South of Boston | 5

• Cover