Extent, cost of health ID theft exposed in Wall Street Journal

Confirmation that your Editors (including Founder Steve) are no longer Voices Crying In The Wilderness on health data insecurity came this weekend on the front page (print) of The Wall Street Journal. It concentrated less on the profit of stolen PHI–$50 per record on average versus $7 for a credit card, according to Ponemon Institute–than on the horror of the 2.3 million individuals suddenly finding out that hospitalizations, procedures and prescriptions in their name were being used by others, leaving them with the bill and unable to clear both their financials and their health records.

EHRs are treasure troves of health and financial information. Unlike credit card theft, there’s no warning–and no limits. Providers and insurance companies put the onus on the person with the stolen data. There is no healthcare equivalent of the Fair Credit Billing Act (FCBA) and the Fair Credit Reporting Act (FCRA), which since 1974 and 1970 respectively have limited the individual impact of fraudulent credit card charges.

Consumer security programs like LifeLock are not particularly effective in proactive notification. In other words, you’re stuck. You may run through your benefits and then be responsible for the bills. Second, you may never get the bad information and diagnoses out of the supposedly accessible health record because of privacy laws, especially if you are a caregiver.

Victims sometimes only find out when they get a bill or a call from a debt collector. They can wind up with the thief’s health data folded into their own medical charts. A patient’s record may show she has diabetes when she doesn’t, say, or list a blood type that isn’t hers—errors that can lead to dangerous diagnoses or treatments.

Adding insult to injury, a victim often can’t fully examine his own records because the thief’s health data, now folded into his, are protected by medical-privacy laws. And hospitals sometimes continue to hound victims for payments they didn’t incur.

According to Ponemon, “65% of victims reported they spent an average of $13,500 to restore credit, pay health-care providers for fraudulent claims and correct inaccuracies in their health records.”

Very rarely does this Editor look for a Federal remedy to a problem, (more…)

UCLA Health data breach may affect 4.5 million patients

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/06/keep-calm-and-secure-your-data-4.png” thumb_width=”150″ /]Breaking news out of Los Angeles this afternoon is that the UCLA Health System’s computer network was compromised by an external cyberattack, compromising an estimated 4.5 million patient records. According to the LA Times, “the hospital saw unusual activity in one of its computer servers in October and began investigating with assistance from the FBI. The investigation confirmed May 5 that the hackers had gained access to parts of UCLA Health’s computer system where some patient information was stored. The hackers gained access to names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information like patient diagnoses and procedures.” There also appears to have been a delay in the realization that the sensitive PHI had been accessed, and that the suspicious activity could have started as early as September 2014. Yet the UCLA Health statement equivocates: “At this time, there is no evidence that the attacker (more…)

Medical identity theft hits new highs

August ended with the report of the second highest-ever identity breach traced to a healthcare provider–4 million patient names, addresses, dates of birth, Social Security numbers and clinical information, contained on four unencrypted Advocate Health System (Illinois) office computers. It was a ‘behemoth breach’ in Healthcare IT News‘ words and has led to the filing of a class-action lawsuit (Privacy Rights Clearinghouse). Now security consultant Ponemon Institute’s latest report, released yesterday, increases the breach anxiety level with its 2013 Survey on Medical Identity Theft: (more…)