Taking Precautions Against Medical Identity Theft

Hinshaw & Culbertson LLP
Contact
LinkedIn
Facebook
X
Send
Embed

We recently reported that the number of cyber events involving the healthcare industry is expected to rise in 2014.

The reliance on electronic medical records and the use of insurance exchanges increase efficiency but also heighten the risk of medical identity theft. 

In October 2013, the California Department of Justice published recommendations for preventing and managing medical identity theft. See Medical Identity Theft: Recommendations for the Age of Electronic Medical Records

For insurance companies, the recommendations include:

  • Make Explanation of Benefits statements patient friendly. Include information on how to report any errors that are discovered.
  • Notify customers who have been identified as victims of medical identity theft by email or text or other agreed upon timely method whenever a claim is submitted to their account.
  • Used automated fraud-detection software to flag suspicious claims that could be the result of identity theft.
  • When medical identity theft is confirmed, the first priority should be correcting the patient’s claims record to eliminate the possibility that benefits could be capped or terminated.

In an earlier publication, the Department of Justice provided guidance for all companies that handle personal or private data. See Data Breach Report 2012

The key recommendations include:

  • Encrypt personal information sent by email, mailed in thumb drives or tapes, or stored in laptop or desktop computers. 
  • The Attorney General’s Office would make it an “enforcement priority” to investigate breaches involving unencrypted personal information and recommended that other agencies and regulators do the same.
  • Tighten security controls protecting personal information, including training of employees and contractors.
  • Improve the readability of breach notices.
  • Offer mitigation products or provide victims information on how to protect themselves against identity theft after a breach.

The Department of Justice’s recommendations are not detailed. Nonetheless, they may inform what constitute “best practices” in the healthcare insurance industry with respect to preventing medical identity theft. At the very least, the publications provide guidance about what precautions regulators consider most important.

Click here to read more about the California Department of Justice’s recommendations concerning privacy enforcement and protection.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hinshaw & Culbertson LLP | Attorney Advertising

Written by:

Hinshaw & Culbertson LLP
Hinshaw & Culbertson LLP
Contact
more
less

Hinshaw & Culbertson LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide