Health Information Security is really under siege these days. They have done a number of HIPAA breaches through lawsuits of things like park drives or laptops and portable discs and things like that, back up disc. They’re certainly more attacks taking place.
Once you get a hold of somebody’s detailed health information, you really have a lot to go on to be able to do some fraudulent identity theft. And particularly, once you get the health insurance information in there that’s a really nasty thing.
And if you think about it just for a moment, identity theft for financial reason is a big problem. That’s a pain. You have to go through a lot of agony to get things straightened out. But at least there are some means set up for being able to rectify those situations. And there are some laws about how you can do that and some ways you can go back any of these things corrected.
There really are no such mechanisms for health care information. So once somebody’s information has been used in identity theft, not only that you have the problems that result from that but you wind up with your records being intermingled with somebody else’s.
And effects of that are many. One of which is that when you got to correct the problems, you may discover that as soon as they realize that somebody else’s information is mixed in with yours you may not even be able to access that information to find out what’s going on because they may say, “Oh, this is somebody else’s information.” And you’ll have access to it under HIPAA even though it was done under your name.
So that’s one problem area for HIPAA compliance. Another problem is when you think about what happens with the health information if somebody has some services or goes in to have some work done at the hospital or whatever and say that person is allergic to penicillin and that goes into your record that you’re allergic to penicillin.
Once you have the health information exchanges where you can share information back and forth, this information may wind up in your record and you may show up at the hospital with a condition where they may have to give some penicillin or penicillin-type drug. And they may say, “Oh no, you’re allergic to penicillin,” and not give it to you and you might die. And we mean these are the kinds of things that can happen when you wind up with incorrect information in your medical record.
And also, health insurance is also something that’s not just a matter of a few thousand dollars on your credit card. Somebody may get a hold of your insurance number and use that fraudulently and to plead all your insurance, your lifetime caps. You may go in for service and discover that you have no insurance because somebody has used that all up. Trying to unwind these things is just a nightmare.
So anyway, there’s lots of - health information is really under attack these days. And so there have been fines and action plan put out by the folks at CMS for dealing with HIPAA security standards violations and there’s also electronic discovery and all these portable devices that memory sticks and iPods and things like that can hold mountains of data.
And if you think about it, health care information, the actual stuff that people use is just mostly text kind of stuff and, you know, just words. And that kind of information takes a very little space. If you have somebody with a little 8 gig memory stick that cost you $20 and they can plug that into your systems and download some information. They can probably get, you know, a good bit of what you have on record that’s text information on that memory stick and just walk out the door with it.
So these portable technologies really have the ability to hold an incredible amount of medical information. Well, that is a big issue and obviously electronic medical record is another big question.
So there has been some increased information security regulation. There’s a HIPAA obviously and the guidance that have been put out and even some proposed expansions to HIPAA rules. They may make their way through the federal government if they can get their eye off of current economic problems and long enough to be able to handle that.
For expert training sessions on HIPAA Privacy and Security rules, visit our HIPAA conference page.