Identity theft is an increasing problem for everyday people, as unscrupulous individuals drain bank accounts and steal people’s credit histories and good names. A name and a bank account or Social Security Number is a marketable item in the Internet’s shadowy underworld, but if it is attached to a health record, it can be worth ten or more times the going rate.
Health information is especially valuable in identity theft, because it contains so many details about a person’s life that it makes impersonating that person much easier, in order to get credit or receive medical services without having insurance. Indeed, impersonation for purposes of insurance fraud is a problem that can leave people with compromised insurance coverage when they are most susceptible, and in today’s interconnected world, can cause serious health issues when an impersonator’s health information becomes intertwined with the real person’s information.
There are laws and processes to help people undo many of the ill effects of financial identity theft and fix tarnished credit histories, but there is no such easy process when it comes to health information. In fact, the person whose identity has been stolen has no right to even know the name or other information about the impersonator, because the impersonator’s information is protected by HIPAA, even though it is mixed in with the real person’s information.
Red Flags rules are in place requiring measures to prevent identity theft, but those rules do not necessarily apply to most medical offices. Nonetheless, those rules can be taken into consideration along with the HIPAA regulations protecting privacy and security of health information, to implement the processes necessary to protect PHI from identity thieves.
The HIPAA enforcement rules now have a four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for wilful neglect of compliance that start at $10,000, even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. It’s never been more important for the HIPAA Privacy Officer to ensure the rules are being followed and compliance is fully documented, and prevent medical identity theft using PHI.
In this audio conference, healthcare compliance and HIPAA expert Jim Sheldon-Dean will examine the Red Flags Rule to show what the standard of care is for private information under that regulation, and compare it to the HIPAA Privacy and Security Rules to show how using good HIPAA practices can satisfy Red Flags requirements. This session will help youreview your HIPAA compliance, meet the requirements, and prevent PHI Identity Theft.
Individuals have the right to receive electronic copies of any medical records held electronically, and it is essential to establish a process for properly authenticating the individuals who request access to their information. These new rights require the HIPAA Privacy Officer to ensure that processes are in place to provide these rights, and prevent identity theft. Having the right HIPAA Privacy Rule policies and procedures to protect information from inappropriate access and the right HIPAA Security Rule risk analysis and risk mitigation to protect against breaches of electronic information are essential for protecting against PHI Identity Theft. This session will review these requirements and various Risk Analysis issues and methods.
PHI Identity Theft likely involves a reportable HIPAA and/or state law breach. Jim will review the processes that should be followed in the evaluation of possible breaches and reporting of confirmed breaches under HIPAA and various state laws. HIPAA compliance with requirements relating to identity theft can help prevent issues in the event of an Audit by HHS Office for Civil Rights or Office of the Inspector General. Whereas the former practice of HHS has been to audit compliance only in instances where a violation was reported, the law now requires HHS to conduct a regular HIPAA compliance audit program, and a new program is getting under way.
All HIPAA Privacy Officers need to review their ability to prevent medical identity theft. With the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance, meet the requirements, and prevent PHI Identity Theft.
Who should attend
Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO. Privacy Officer, Information Security Officer
- Jim Sheldon-Dean
Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...
More Events By The Speaker