How to Protect Your Medical Data From Cyber Crooks
A glance at the daily headlines tells you that the global cyber war continues to rage. A particularly vulnerable area is one that maybe never occurred to you: electronic health records (EHRs).
EHRs are increasingly pervasive. They’re also increasingly invasive, and therein lays the problem. EHRs contain many details about our personal lives. As their use becomes more common, so does their vulnerability to hacking and fraud.
Major breaches of corporate, government and personal data are occurring more frequently, in all areas of life, and they are getting larger in scope.
Artificial intelligence and cloud computing are adding more firepower to EHRs and health care information technology as a whole.
Make it your New Year’s resolution to adopt the following protective measures.
Structured versus unstructured…
Confidential information such as employee files, intellectual property, and legal and trade secrets are the crown jewels of an organization’s data repository.
Some of this information is housed in customer relationship management systems, databases, enterprise resource planning applications and financial systems. These data are called structured content.
Other data, referred to as unstructured, reside in emails, Excel spreadsheets, image files (JPEG/PDF/TIFF), PowerPoint presentations, videos and Word documents. This information is located throughout all levels of the organization in content management repositories, employee laptops, FTP sites, network and cloud shared drives, and storage area networks, to name a few.
The technology consulting firm IDC reports that most of an organization’s overall data are unstructured. Indeed, IDC predicts that 80% of global data will be unstructured by 2025.
A lot of money is at stake. According to Graphical Research, the North America health care information technology market size exceeded USD 97 billion in 2021 and is expected to post a compound annual growth rate (CAGR) of 12.5% from 2021 to 2028 (see chart).
A medical record often has all the information an ID thief needs in one convenient place: birth date, full name, Social Security number, and often insurance and financial account information.
All this information is more convenient and accessible to thieves as medical providers comply with the federal mandate to make medical records digital. Paper records are supposed to disappear or be supplemented by digital versions stored on a hard drive or server.
A person’s entire medical record often sells for under $100 on the black market. A crook can do a lot with a medical record. It can be used in the typical ID theft activities of obtaining loans or credit cards, opening new bank accounts, or filing false income tax returns to claim refunds.
Medical records also can be used to obtain medical care, leaving you stuck with copayments and deductibles on the care. You also might face a canceled plan and errors in your medical history that can take a year or longer to correct.
Digital medical records often are shared quite rapidly among insurers and medical providers, making it hard to correct errors. Unlike credit cards and other financial records, there aren’t standard procedures in place to correct medical records and reduce the consequences of record theft.
Children and the elderly are the usual targets of medical record theft, a crime that victimizes millions of Americans ever year and has increased almost 20% annually the last couple of years.
Medical records are sought by overseas crooks who use their digital expertise to probe the databases of medical providers, in the same ways they try to infiltrate major corporations and government agencies.
Security from these types of attacks hasn’t been high on the priority list of most medical providers. Unlike a lot of other large organizations, a medical provider might not even know its database was breached or probed.
Five Protective Steps
Consumers are behind in protecting themselves, because medical record theft doesn’t receive much publicity. Here are five steps you can take:
1) Avoid providing Social Security and driver’s license numbers to medical providers. They don’t need them, except in rare instances.
2) Ask medical providers to remove these numbers from their existing records. You’re supposed to have the right to have personal information removed from medical records.
3) Treat old medical documents you possess the same way as financial records. Shred them instead of throwing them away. Any records you retain should be stored securely. This includes bills, receipts, and diagnosis information.
4) You have the right to review and receive a copy of most of your records from medical providers. The rights are spelled out in the federal regulations at 45 CFR 164.524. Just as you should with credit reports, it’s a good idea to take advantage of this right and review your records for incorrect information, fraudulent charges, treatments you didn’t receive, and personal information you want removed.
5) Carefully review the “Explanation of Benefits” you receive periodically from your insurer or Medicare. These statements often are difficult to decipher, but they can reveal whether someone is using your insurance to obtain treatment under your name or a medical provider is submitting improper charges to the insurer. If you don’t understand the treatment codes listed, call the provider’s billing staff for an explanation.
Unfortunately, you won’t be able to do everything needed to avoid identity theft through medical records, because Medicare still insists on putting a beneficiary’s Social Security number on the Medicare card and other places. For that, you’ll have to contract your congressman and senators for change.
WATCH THIS VIDEO: Navigating The Transition from 2023 to 2024
Editor’s Note: Defensive assets that underperformed in 2023 are setting the stage for a comeback in 2024. Specifically, as you recalibrate your portfolio allocations for the new year, turn to utilities stocks.
The utilities sector has gotten clobbered lately by rising interest rates, but it’s poised to gain traction as bond yields continue their descent. That means value plays are ready for the picking.
However, you need to pick the right ones. For our list of the highest-quality utilities stocks, click here now.
John Persinos is the editorial director of Investing Daily.
To subscribe to John’s video channel, click this icon: