In related news, medical identity theft is becoming an increasing concern as well as a reality for many. A recent article in the "Chicago Tribune" reported that Medical information such as Social Security numbers, pharmacy records and other personal health data from about 130,000 WellPoint Inc. patients may have been accessed via the Internet. According to WellPoint, two computer servers - which were maintained by a third party - were left improperly secured for a period of time, resulting in WellPoint notifying customers via letter.
A recent survey of 263 healthcare providers by HIMSS Analytics and Kroll Fraud Solutions found that 13 percent said their medical records had been inappropriately accessed and 56 percent of those said they alerted patients of the breach. The survey found that there were a number of factors contributing to a lack of understanding of the growing frequency and risk of medical identity theft. Among those factors cited are regulatory loopholes. Most laws regulating patient data management such as HIPAA and Sarbanes-Oxley Act of 2002 contain vague language such as "acceptable measures" and "reasonable efforts."
The HIMSS survey shows that HIPAA awareness is higher among respondents working for organizations with 300 or more beds as opposed to those organizations with fewer than 100 beds. The survey correlation to this finding among respondents is that identity theft is three times as likely to happen at a larger facility (more than 100 beds) than a smaller facility (less than 100 beds). More than half of survey respondents (55 percent) work for organizations with fewer than 100 beds. Another 30 percent of respondents work for organizations with between 100 and 299 beds. The final 15 percent of respondents work for a hospital with 300 or more beds. The average number of beds per hospital is 167 and the median is 84 beds.
Kroll is a world-leading risk consulting company that provides investigative, intelligence, financial, security and technology services to help clients reduce risks, solve problems and capitalize on opportunities. Kroll Inc. is a wholly-owned subsidiary of Marsh & McLennan Companies Inc. For a copy of the 2008 HIMSS Analytics Report titled "Security of Patient Data," and for more information on best practices in healthcare data security, click here.