Guest Column | October 9, 2017

How Providers Can Reduce The Risk Of Medical Identity Theft


By Heather Lomax, media relations specialist, Blaze Systems

Identity fraud has become more and more of an issue as the internet has shifted and changed through the years. Security protocols must keep up with the latest malware and viruses that come out every day in order to keep out internet fraud criminals, and hackers merely see these updates as the latest challenge for their activities. Therefore, it is imperative that medical providers also make use of digital strategies that protect sensitive information from attack. Here are a few methods that will help any medical practice safeguard their patients.

Educate Patients On Identity Theft
One method hackers and identity thieves use to gain medical information lies outside the complete control of your practice. Some doctors and hospitals offer online portals for their patients to view billing statements, test results, and appointments. Unfortunately, many patients do not always have the best protection on their home computers, so they need to be made aware of the risks they take by viewing this data on an unsecured computer. If you offer online patient portal services, discuss the proper protocols for protecting their PC from data breaches. There’s still the risk that they fail to follow your advice, but you at least have the peace of mind of knowing that you gave them fair warning.

Protect Patient Data
Furthermore, patients must also be warned of the risks that come with sharing medical information with others. If they are asked for their medical data over the phone or via email, let them know that their information is in danger of misuse. Typically, patients need to sign off on permissions in order to be called for medical purposes, so your office employees should identify themselves upon calling a patient to confirm that they are a legitimate source. Also, let your patients know that if they receive unsolicited phone calls inquiring about their medical information and the person on the other end can’t confirm their identity, then that is a red flag that they should hang up immediately.

Have A Data Breach Response Plan Ready
Even when your office takes great care in how they handle patient information, breaches can still unfortunately occur. Therefore, all medical offices need to have a reliable data breach response plan in place, which covers how to stop security breaches and how to handle any lost or stolen data in the process. Patients need to also be contacted in person if their information is at risk so they may put a freeze on accounts or send out a fraud alert. Being proactive about your office’s security is always the better option, but accidents happen, and a backup plan may prove necessary when you least expect.

Train Your Staff On Fraud And Red Flags
Not only should you educate your patients, but staff members working in any capacity with medical information in your practice must be trained on how to identify medical identity fraud. New hires should be introduced to this knowledge early in training, and longtime employees should be refreshed on the latest technology and fraud methods at least once a year. Furthermore, they need to learn which red flags to look for when patients request information. For example, legitimate patients should not stumble over simple information or question certain tests, diagnoses, and medications.

Invest In Security Tech And Software
The ultimate measure to take against medical identity theft is to invest in high quality security technology and software. Agreements should be made with these technology companies to update security measures on a routine basis. And remember, it is well worth the cost – opting for a cheaper option can mean purchasing a system that will prove inadequate in more advanced attacks.

Data breaches must be approached aggressively and with proactive safety measures. Even if you have the best online security, if your staff isn’t well-trained on the signs of identity fraud, or if your patients are oblivious to the signs of an attack on their information, there will be little you can do to keep that data safe. Therefore, as a medical provider, you must make use of both digital and real-life training and protection in order to combat the most vicious fraud attacks.

About The Author
Heather Lomax is a contributing writer and media relations specialist for Blaze Systems. She writes articles for a variety of medtech blogs, discussing solutions for optimizing healthcare data protection and clinical technology.