Preventing Medical Identity Theft
By Art Gross, President and CEO, HIPAA Secure Now!
Read other articles by this author
Earlier this month, a data breach affecting Quest Diagnostics, LabCorp, and Opko was announced, stemming from an incident caused by the collections vendor, American Medical Collection Agency (AMCA). Now, the number of individuals who had their medical and personal information compromised by the incident has exceeded 20 million, bringing up major concerns of medical identity theft for those affected.
What can you do to help prevent medical identity theft?
Request access to your medical records. It is your right under the Health Insurance Portability and Accountability Act (HIPAA) to gain access to your medical records. You should get in the habit of reviewing your medical records to look for any errors in your chart that could indicate something may be wrong.
If you detect errors in your medical records, report them immediately. If by chance you do find an error in your medical records, you should waste no time in reporting the error to your health insurer. The fraud department should be able to assist you with the next steps. In addition, report the fraud to the Federal Trade Commission (FTC) by filing an identity theft report.
Verify the security of your information. You should be aware of how your providers are protecting your medical information. Do not hesitate to ask questions about how your data is being protected. If your records are being cared for the way they should be, no practice or organization should feel uncomfortable answering that question.
Only give out the minimum. Don’t give out unnecessary information to healthcare providers, pharmacies, etc. If the information is not required, it is best not to share it.
Protect your medical information. If you deem it appropriate to share your information with a medical provider or another party, find out why they need that information, what they plan on doing with that information, and who they will share it with. Remember, it’s not a bad thing to give out the minimum in this situation.
Check links. Always check that any website you’re accessing is secure; this includes a patient portal. Secure websites should have “https” at the beginning of the URL.
Use caution when disposing of your medical records. Never just toss your medical records out with the trash. If any of your personal information is contained on paper, shred that information prior to disposal.
While being involved in a data breach is often out of our hands, such as the Quest Diagnostic, LabCorp, and Opko breach, taking precautions and staying diligent in monitoring your medical records can help you prevent or stop medical identity theft.
This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.