<div dir="ltr"><span style="color:rgb(0,0,255)"></span><a href="http://www.healthitoutcomes.com/doc/unhealthy-rise-in-healthcare-fraud-tips-for-protecting-patient-privacy-0001">http://www.healthitoutcomes.com/doc/unhealthy-rise-in-healthcare-fraud-tips-for-protecting-patient-privacy-0001</a><br><br>Fraud is a serious and growing problem for all sectors, but healthcare is taking a bigger hit than most. <a target="_blank" href="http://www.pkf-littlejohn.com/healthcare-fraud-report-2015"><strong><em>According to one study</em></strong></a>,
while other industries suffered average losses of 5.6 percent in 2015,
in healthcare the losses were 6.1 percent — an almost 30 percent rise
since 2007. This trend is predicted to continue with <a target="_blank" href="http://www.washingtontimes.com/news/2015/dec/10/hackers-likely-to-breach-1-in-3-health-care-custom/"><strong><em>IDC Health Insights</em></strong></a> predicting one in three health records will be breached in 2016.
<p>The simple reason for this is that personal patient data is valuable.
Medical information is enticing for hackers because it includes
personal details such as height and eye color that can be used to create
fake identities. According to a recent <a target="_blank" href="http://www.forbes.com/sites/laurashin/2015/05/29/why-medical-identity-theft-is-rising-and-how-to-protect-yourself/#6b3ddbcde200"><strong><em>FBI presentation</em></strong></a>,
stolen health insurance information fetched a price of $60 to $70 on
the black market while a Social Security Number went for less than a
dollar.</p>
<p>One contributing factor is the fact that the majority of healthcare
IT leaders rely heavily on traditional security solutions such as
firewalls, audit logs, and data encryption. Technology by itself can’t
provide an adequate defense. Protecting patients’ data requires a
complete program including clear proactive policies, employee education,
and verification of compliance integrated with technical solutions.
Following are five steps that healthcare organizations can take to keep
their patients’ data secure.</p>
<ol><li><strong>Create Corporate Culture Of Protecting Patient Privacy</strong><br>
Educate and re-educate employees on current HIPAA rules and
regulations, including state regulations involving privacy of patient
information. This training should be part of employee orientation and
include periodic refresher courses. This includes everyone with access
to sensitive patient data and computing systems (whether full-time,
part-time, temporary, or transferring), medical staff (including both
admitting and referring physicians), contractors, vendors, students, and
volunteers. If employees are reminded of the implications of data
breaches, the risk that security policies will be violated can be
drastically reduced.</li><li><strong>Conduct Regular Validation And Verifications</strong><br>
Internal audits should verify all fundamental health care fraud
management activities are adequately performed using independent tools
for verification. Sanitized results of audits that catch employees not
following policies and procedures can be made available to raise
awareness that management is serious about protecting patient’s data.
Releasing official reports internally measuring the organizations
progress at preventing data theft helps keep all the employees diligent.</li><li><strong>Manage User Identity And Access Stringently</strong><br>
With so many members of the healthcare system frequently accessing
patient information — for a multitude of different reasons — it is
important to carefully manage identity of users. Make sure users at each
level are only granted access to information pertinent to their
position. For example, some organizations allow all staff and admitting
physicians unrestricted access to all patient files, but limit the
access privileges of referring physicians to their patients of record.
Also ensure that log on/off and other security related procedures are
clearly communicated and carefully enforced on shared machines.
Automation of user access helps create an audit trail and ensures
efficiency and safety for everyone involved.</li><li><strong>Monitor Users, Applications, Devices And Records</strong><br>
Make sure you have a record of when electronic files are viewed and not
only when they are modified or created. It is also just as important to
make sure employees know they are being monitored. Inappropriate access
is deterred when users understand that their actions will be recorded
and reviewed and that sanctions can be applied for violating patient
privacy. However, don’t overlook low tech data theft. Remind employees
to be watchful of electronic devices and paper records left unattended.
More often than not, data breaches occur due to theft of these items
from a home, office or vehicle. Secure data exchange systems can catch
when an employee sends an email or a file without the appropriate
authorization, but carelessness is impossible to detect until it’s too
late.</li><li><strong>Proactively Take Action To Prevent Snooping</strong><br>
Take a special note when there are events that might increase the
incidence of unauthorized access of patient data. Automated solutions
have the advantage that business rules can be added quickly based on
targeting those circumstances that are the most likely to result in data
theft, for example when your organization is providing services to high
profile people such as celebrities. Also it is recommended to monitor
when workers might have family members treated to make sure they are not
breaching security policies by accessing their records.</li></ol>
<p>By being proactive and planning ahead, health care organizations have
a better chance of avoiding data breaches and keeping their patients’
personal data secure. Formal policies regarding information system
security, employee training, and procedures for monitoring and
penalizing breaches of privacy and security are essential. Investing up
front in protect patient privacy is preferable to the long painful
process of fixing a problem after it has already happened. Once trust in
your organization has been damaged, it can be difficult — if not
impossible — to repair.</p><br></div>