Presentation on theme: "Identity Theft in Health Care Facilities Faith Mondry, J.D. United States Postal Inspector."— Presentation transcript:
Identity Theft in Health Care Facilities Faith Mondry, J.D. United States Postal Inspector
TYPES OF ID THEFT Theft of patient identifiers by employee Theft of patient identifiers by non- employee Theft of employee information Theft of “paper” records, HR and/or medical Theft of digitized records, HR and/or medical
Ripped from the headlines: “Identity Theft Reported by 33% of Healthcare Organizations” InformationWeek, November 9, 2010 article ID 228200516
Theft of patient identifiers by an employee or contractor “Operation Quick Change” U.S. Postal Inspection Service Case, reported 3/25/2010, Chicago Tribune, janitorial employee alleged to have stolen patient identifiers out of files at night while she was cleaning medical offices
Ripped from the headlines: “Former Holy Cross Hospital employee pleads guilty to ID theft” -Sun Sentinel, 1/26/2011 Fort Lauderdale, FL ER clerk alleged to have sold patient identifiers for cash
Can this type of theft be prevented? Best practices for pre-employment screening…do the most thorough background check available to your facility! Ask contractors to do the same Ensure that all personal identifiers are handled on a “need to see” basis Ensure that all personal identifiers are properly secured
Theft or misuse of identifiers by non- employee How many stolen laptops do we need to read about before we get the point???
Ripped from the headlines: “Stolen laptop contained Sebastopol substance abuse patient information” -www.pressdemocrat.com/article 20110114, January 14, 2011 -physician’s laptop was stolen at a New York hotel
Can this type of theft be prevented? Restrict patient information and access devices leaving the facility Ensure that any information leaving the facility is encrypted and password protected Ensure that a policy is in place- and that employees are trained to follow it- when sensitive information goes on the road
Classic “medical identity theft” Patients use another identity to obtain medical services Fraudulent medical records lead to fraudulent billing to insurance companies consequences when drug allergies or interactions are under the radar with false patient identities
Ripped from the headlines: “ID theft at the doctor’s office” -New Beauty Magazine, March 26, 2009 The “Big-Bust Bandit” in Orange County, CA used another woman’s identity to undergo liposuction and breast augmentation at the Pacific Center for Plastic Surgery
Where do you keep personal identifier information? Digitized files on desktops and laptops –Who has access? Where are the computers located? Is the area secure from non-critical viewing and usage? –What about after hours?
Where do you keep personal identifier information? Paper files should be secured…even during the day when offices are occupied –File cabinets where information is stored should be outside of public/non-critical viewing areas and should have restricted access when practical
How well does your physical layout protect you from identity thieves?
Where do you place your incoming and outgoing mail? Postal Inspector…I have to ask.
What do you do when a breach occurrs? If an employee is the identity thief…REPORT IT TO LAW ENFORCEMENT and follow institution’s protocol for victim notification If a non-employee is the identity thief…REPORT IT TO LAW ENFORCEMENT and follow institution’s protocol for victim notification
Privacy Issues Legal issues regarding disclosure to law enforcement Risk of fraud/ID theft and continued victimization vs. legal requirements to protect patient privacy Crime on premises
Whom do you report it to? State and local law enforcement Federal law enforcement Depends upon the nature/scope of the crime