Electronic Medical Records and Identity Theft
The truth about electronic medical records and identity theft
If you’ve ever seen the movie The Social Network, you may have been amazed by the hackathon scene. If you are not familiar, a bunch of eager job-seeking computer programmers were challenged to hack into a secure web server in 10 minutes or less. If they were able to hack into an unauthorized computer system in a short period of time, they would get the job at Facebook.
While it’s all fun and games in the movies, hacking into a computer system is not the same in real life. There are identity thieves trolling the Internet looking for a way to get access to personal information. There used to be a high rate of financial identity thieves, but now hackers are getting smarter and turning to the medical industry to steal identities.
Why are identity thieves turning to the medical industry?
According to a report released from Ponemon Institute, medical identity theft is a $30 billion dollar a year industry. In fact, details from the same report revealed that over 1.8 million people in the U.S. were victims of medical fraud in 2013.
It makes you wonder why stealing an individual’s medical identity is so prevalent in today’s society. The simple answer is: getting access to patient’s electronic medical records is more valuable than obtaining credit information. But, why?
Simply put, when a hacker gets access to a person’s medical records he will be able to access a myriad of information that includes the name, social security number, insurance plans and a plethora of other sensitive information. With this information, a medical identity thief can create fake identification cards and use the victim’s information to obtain the following:
- Prescription drugs
- Medical equipment
- Create false insurance claims
- Financial Fraud
- Subsidized medical care
If hackers can get into electronic medical records so easily why are most healthcare institutions using them?
Whenever a person goes to the doctor’s office, fills a prescription or provides information to a healthcare provider, the information is stored in the provider’s database. Unlike financial information, where it is stored by credit bureaus, medical records and patient related information is spread across each medical facility visited. This makes it difficult for healthcare providers to communicate with people involved with the patient information. Electronic health records will typically have a patient’s full medical history which includes:
- Lab results
- Diagnostic test results
By having a streamlined system, electronic health records can provide organized systems, efficient service, reduce the amount of human error, enhance patient security and improve the quality of care.
This begs the question: If electronic medical records are the “holy grail” of improved patient care, why are hackers able to get easy access to them? The truth is: most healthcare professionals and hospitals simply don’t invest in cyber security. Some healthcare professionals have systems that are over a decade old. What would you rather invest in; a new X-ray machine that saves lives or a cyber-security system that prevents hackers? There are some healthcare professionals who believe in upgrading their security systems; however, when they improve and invest in security systems, they often face certain challenges such as:
- Inefficient security systems
- Poor implementation of security systems
- Invest in the wrong systems for their needs
- Improper training of staff
- Poor planning
- Usability issues
The Affordable Care Act actually made it a requirement for healthcare professionals and hospitals to switch over to electronic health records. They hoped that the transition would reduce the amount of paperwork, reduce costs, decrease human error, and improve care. When electronic health records are used correctly and handled by a well-trained medical staff, they can provide a sense of relief for hospitals and medical practices. However, the system is just as important as the medical professionals who handle it. Therefore, when it comes to investing in an electronic health records system, you want to ensure that you are investing in a system that complies with HIPAA guidelines. These guidelines include making sure your electronic medical records have the following:
- Access control with unique user IDs, passwords, and PIN numbers
- Encryption and decryption of stored information
- Audit trail/logs
- Emergency access procedures
Can medical fraud be stopped?
While it’s virtually impossible to eliminate medical fraud, it is possible to reduce the risk of your medical records being stolen. The key is to provide enhanced medical data protection, strong authentication, and data encryption. The way you can do this is hire a document management company that can handle all of your electronic medical record needs.
If you would like to know more about how we can help you implement and manage your electronic medical records, give us a call today and request a free consultation!