Six Criteria to Help Your Organization Avoid Medical Identity Theft

I recently wrote an article for MedCity News discussing how organizations can help prevent medical identity fraud for their patients or customers.

Medical fraud can occur in a number of ways – including medical personnel billing a health plan for fake or inflated treatment claims, falsifying information to obtain prescription drugs, and using another individual’s information to obtain free medical care. Often, these crimes are committed through illegal purchase of Personal Identifiable Information (PII) or by unethical actions from healthcare providers. Whether accidental or purposeful, healthcare fraud leads to loss of trust in providers, hefty fines, and loss of licenses.

Medical identity theft is perhaps the most frightening of all forms of identity theft, although not the most widely discussed. It occurs when someone uses a person’s name or other parts of their identity –  such as insurance information – without the person’s knowledge to obtain medical services or goods. While the intention is to obtain medications, prescriptions, or to falsely bill insurance providers, the risk to the victim may be quite serious – including inappropriate and improper medical treatment. While this is a critically important issue, little research about it has been done.

In the article, I introduce six functionalities health insurance and medical services organizations should look for when implementing a new Health Information Technology (HIT) system in order to avoid medical identity theft. They include:

• Discover data across multiple information gateways in your enterprise in order to shed light on dark data and other potential sources of risk. Sensitive information may not be obvious at first glance but can open up an organization to an array of issues if leaked.
• Scan content in motion or at rest against out-of-the-box or customized checks for a wide range of privacy, information assurance, operational security, sensitive security information, and accessibility requirements. Organizations require different levels of security based on regulations, subject matter, and size. Be sure to select a technology with a solid framework that can be customized based on your needs.
• Drive enterprise classification and taxonomy with user-assisted and automated classification for all content.
• Take corrective action automatically to secure, delete, move, quarantine, encrypt, or redact risk defined content. These automated actions can reduce costs by eliminating the need for additional resources to continuously monitor information security initiatives.
• Enhance incident tracking and management with an integrated incident management system in addition to trend reports and historical analysis to measure your organization’s improvements over time.
• Monitor data and systems on an ongoing basis to demonstrate and report on conformance across your enterprise wide information gateways and systems.

To read more about how reduce the risk of medical identity fraud, please visit MedCity News.

Learn how we can help you create a culture of transparency, action, and trust for your organization by visiting our website today