health care fraud and abuse continues to be a huge challenge for health care organizations. From smaller health care practices to giant corporations, it appears no one is immune to the threat of health care data breaches.
According to federal health officials, almost 300 doctors, hospitals, and insurance companies have reported medical data breaches in the past two years. US government data suggests nearly eight million people have had their medical records improperly exposed during this period. This exposure makes it easy for hackers and thieves to steal personal information, and further puts a spotlight on the need for impenetrable systems to prevent health care data breaches.
Professional practices are often unprepared and therefore completely vulnerable to attack. Large health care organizations have security systems in place, but their size often leads to the inability to control those systems and the people operating them—not to mention the fact that the amount of personal data in their systems makes them the “big fish” in the ongoing game of preventing health care fraud and abuse.
Owners of professional practices often feel helpless at the thought of preventing health care fraud and abuse. After all, they wonder, how can we prevent health care fraud if the large organizations can’t seem to stop data breaches with all of their resources?
It’s a fair question. But there’s an answer: Think like a crook and pay attention to the details. Since their systems are smaller and they have fewer employees, professional practices actually have more control over how data is accessed and who can access it. They just need to be proactive to prevent health care data breaches from happening to them and their patients. Professional practices need to:
– Perform background checks. Preventing health care fraud and abuse starts at the employee level. Professional practices should never hire an employee without first conducting a thorough background check that includes past employment, professional and personal references, education, credit record, criminal record, Social Security number, and a drug test.
– Encrypt data. Information systems are the next defense against health care data breaches. Aside from employees, who else can access the computer system? Hackers may assume professional practices don’t have a sophisticated health care data breach security system. They can prove hackers wrong by ensuring data transmitted over their network uses an encryption technology known as secure socket layer (SSL). Complex passwords should be implemented only for those employees who need access to patient records.
– Create policies and procedures to prevent health care data breaches. Professional practices should also develop a strict set of policies and procedures to safeguard protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). A health care fraud and abuse expert can assist with creating these policies and procedures.
– Shred data. This one may seem obvious, but unless there is a policy in place that all employees know about, a customer’s private data may just go in the trash. That leaves the information vulnerable to dumpster divers who will steal and sell private health information.