Steps Every Practice Should Take to Protect Against PHI Identity Theft

Event Information
Product Format
Prerecorded Event
60 minutes
Product Description

The Red Flags Rule and the Right HIPAA Security Rule Risk Analysis and Mitigation to Combat PHI Identity Theft

Identity theft is an increasing problem for everyday people, as unscrupulous individuals drain bank accounts and steal people’s credit histories and good names. A name and a bank account or Social Security Number is a marketable item in the Internet’s shadowy underworld, but if it is attached to a health record, it can be worth ten or more times the going rate.

Health information is especially valuable in identity theft, because it contains so many details about a person’s life that it makes impersonating that person much easier, in order to get credit or receive medical services without having insurance. Indeed, impersonation for purposes of insurance fraud is a problem that can leave people with compromised insurance coverage when they are most susceptible, and in today’s interconnected world, can cause serious health issues when an impersonator’s health information becomes intertwined with the real person’s information.

There are laws and processes to help people undo many of the ill effects of financial identity theft and fix tarnished credit histories, but there is no such easy process when it comes to health information. In fact, the person whose identity has been stolen has no right to even know the name or other information about the impersonator, because the impersonator’s information is protected by HIPAA, even though it is mixed in with the real person’s information.

Red Flags rules are in place requiring measures to prevent identity theft, but those rules do not necessarily apply to most medical offices. Nonetheless, those rules can be taken into consideration along with the HIPAA regulations protecting privacy and security of health information, to implement the processes necessary to protect PHI from identity thieves.

The HIPAA enforcement rules now have a four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for wilful neglect of compliance that start at $10,000, even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. It’s never been more important for the HIPAA Privacy Officer to ensure the rules are being followed and compliance is fully documented, and prevent medical identity theft using PHI.

In this audio conference, healthcare compliance and HIPAA expert Jim Sheldon-Dean will examine the Red Flags Rule to show what the standard of care is for private information under that regulation, and compare it to the HIPAA Privacy and Security Rules to show how using good HIPAA practices can satisfy Red Flags requirements. This session will help you review your HIPAA compliance, meet the requirements, and prevent PHI Identity Theft.

Individuals have the right to receive electronic copies of any medical records held electronically, and it is essential to establish a process for properly authenticating the individuals who request access to their information.  These new rights require the HIPAA Privacy Officer to ensure that processes are in place to provide these rights, and prevent identity theft. Having the right HIPAA Privacy Rule policies and procedures to protect information from inappropriate access and the right HIPAA Security Rule risk analysis and risk mitigation to protect against breaches of electronic information are essential for protecting against PHI Identity Theft. This session will review these requirements and various Risk Analysis issues and methods.

PHI Identity Theft likely involves a reportable HIPAA and/or state law breach. Jim will review the processes that should be followed in the evaluation of possible breaches and reporting of confirmed breaches under HIPAA and various state laws. HIPAA compliance with requirements relating to identity theft can help prevent issues in the event of an Audit by HHS Office for Civil Rights or Office of the Inspector General.  Whereas the former practice of HHS has been to audit compliance only in instances where a violation was reported, the law now requires HHS to conduct a regular HIPAA compliance audit program, and a new program is getting under way. 

All HIPAA Privacy Officers need to review their ability to prevent medical identity theft. With the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance, meet the requirements, and prevent PHI Identity Theft.

Learning Objectives:

  • What is Medical Identity Theft and what are its consequences;
  • Red Flag Rule and Healthcare: all you need to know;
  • Discussion on the Red Flags Rule for identity theft prevention and its relationship to HIPAA;
  • HIPAA rules for protecting the Privacy and Security of patient information in the context of how they apply to medical identity theft;
  • Correcting errors in records due to Medical Identity Theft;
  • Typical issues that can lead to identity theft, and identifying the solutions;
  • Tips and tools for preventing Medical Identity Theft;
  • The processes for responding to requests for copies of electronic records per regulations and the need to prevent identity theft;
  • Policies and evidence you need to produce if the HHS Office of Civil Rights or Office of the Inspector General selects you for an audit of compliance; and
  • Learn all about how HIPAA penalty requirements underline the need to make sure you are in compliance before HHS knocks on the door.

Session Highlights:

  • How Medical Identity Theft differs from Financial Identity Theft
  • Assessing and planning management of your risks
  • HIPAA Security Rule Fundamentals: Flexibility and Analysis
  • Identity Theft prevention and correction policies
  • Lessons learned from PHI breaches
  • Four tiered penalty structure: what you need to know about it
  • What is a HIPAA Audit? What will they ask for in an audit?
  • Planning your next reviews and your information security management process
  • Dealing with Breaches of PHI
  • Being prepared for enforcement and audits
  • To-do list

Who should attend

Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer



About Our Speaker

Jim Sheldon-Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...
