News Feature | September 25, 2013

Should Your Patients Trust You To Protect Their Privacy?

Source: Health IT Outcomes
Katie Wike

By Katie Wike, contributing writer

A Ponemon Institute study reveals patients are trusting providers to keep their records secure but half of those providers aren’t sure they can

By Katie Wike, contributing writer

Despite a continued rise in medical identity theft, most patients aren’t doing anything to prevent it from happening. This according to the 2013 Survey on Medical Identity Theft released by the Ponemon Institute.

According to an announcement supporting the release of the report, the authors found, “Medical identity theft continues to be a costly and potentially life-threatening crime. However, unlike other forms of identity theft, the thief is most likely to be someone the victim knows very well. In this study of more than 700 victims of this fraud, most cases of identity theft result not from a data breach but from the sharing of personal identification credentials with family and friends. Or, family members take the victim’s credentials without permission.”

MedCity News writes of the report that the Ponemon Institute “estimated that 1.8 million people would experience medical fraud in 2013, a 19 percent bump from last year, and it would cost them some $12 billion.” MedCity News also notes more than half of the survey respondents said they do not review their records because they trust providers to be accurate, and a comparable number also didn’t check the explanation of benefits from their insurers.

“Survey results suggest that consumers largely put the sole responsibility of protecting their privacy and security on providers,” reports MedCity News, “Almost 60 percent of respondents said they would find another provider if they knew theirs could not safeguard their medical records.”

But is this patient trust misguided? It may be according to results of an earlier Ponemon study.

MedCity News earlier this year reported the Ponemon Institute found, “A hefty 94 percent of healthcare organizations who participated in an annual survey said they had at least one data breach in the past two years. What’s more startling is that 45 percent said they’d had more than five incidents, and half reported little or no confidence that their organization had the ability to detect all patient data loss or theft.”

New technology improves efficiency but often opens the door for more breaches. Eighty percent of providers surveyed reported they allowed employees to bring their own devices to work and use them on the provider’s network, and 60 percent said they used the cloud with half of them not confident in its security.

“While most organizations reported compliance with periodic HIPAA privacy and security awareness training for staff, they still reported that the second-most-common cause of lost or stolen data was an employee mistake, following a lost or stolen computing device,” reported MedCity. This observation doesn’t bode well for patients who overwhelmingly left their information security to what they thought were trustworthy and secure providers.