As gatekeepers of PHI, we are accustomed to guarding people’s privacy on a daily basis. While we primarily focus our efforts on upholding the privacy guidelines of HIPAA and the Affordable Care Act, we rarely discuss the risks of identity theft. While massive public breaches such as Target and TJX, where millions of customers’ credit card information was stolen, occupy the headlines, there is another type of information that cybercriminals may be even more eager to get their hands on: our medical records.
Last month the Identity Theft Resource Center produced a survey showing that breaches of medical records involving personal information accounted for 43 percent of all record breaches involving personal information reported in the United States in 2013. That is a far greater share of record breaches than those involving banking and finance, government and the military, or education.
In addition, the average damage from a medical record breach is much greater than that from a credit card breach. Not only do victims experience financial repercussions, but they frequently discover that erroneous information has been added to their personal medical files due to the thief’s activities.
While many providers are still operating in a hybrid environment, more and more information is available in electronic formats and we need to evaluate the level of risk exposure.
What are you doing to evaluate your exposure to identity theft, and do you have an incident response procedure in place at your facility?