Ponemon Institute: “Our study found that the number of data breaches among healthcare organizations participating in the 2010 and 2011 studies is still growing—eroding patient privacy and contributing to medical identity theft. On average, it is estimated that data breaches cost benchmarked organizations $2,243,700. This represents an increase of $183,526 from the 2010 study despite healthcare organizations’ increased compliance with federal regulations.”
Despite policies and federal mandates, prevention of unauthorized access to patient information is not a priority for many healthcare providers.
Under pressure from the medical community, healthcare providers received an FTC Red Flags exemption from Congress on December 7, 2010. Their “don’t tell us what to do” and “Red Flags will cost us too much” attitude has caused an explosion in Medical Identity Theft. Their attitudes are putting patients at risk. “While 90 percent of healthcare organizations say that breaches cause harm to patients, the majority of them (65 percent) do not offer protection services for the affected patients.”
Data breaches in healthcare organizations are on the rise.
“The frequency of data breaches among organizations in this study has increased 32 percent from the previous year. In fact, 96 percent of all healthcare providers say they have had at least one data breach in the last two years. Most of these were due to employee mistakes and sloppiness—49 percent of respondents in this study cite lost or stolen computing devices and 41 percent note unintentional employee action. Another disturbing cause is third-party error, including business associates, according to 46 percent of participants.”
HIPAA gives you the right to a copy of your medical file.
Get copies of your medical files from your providers – doctors, clinics, hospitals, pharmacies, laboratories and health plans. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule gives you the right to copies of your records. Unlike credit reports, they may not be free. You may have to complete a form and pay a fee to get a copy of your records. Providers have 30 days to provide you a copy.
If you find a problem, you have the right under HIPAA to correct any errors in your medical and billing records. Write to the provider with details of the errors. Send copies (not originals) as supporting documents. Detail each individual error and ask for it to be corrected or deleted. Always send your dispute by certified mail, and ask for a return receipt. Keep a record of dates and times of letters, emails and phone calls. (Do not send your Social Security Number via email or fax.)
FTC: What to do
Do not rely on your healthcare providers to protect you since they care more about their profits.