Sunday, September 20, 2015

Protecting Your Healthcare Data

Healthcare providers are required to protect your medical information.  The problem is that many people have their hands on your information... some of them are careless (based on other breaches we know about) and some of the controls protecting the information could fail.  So what can you do to be proactive about protecting your medical data (or medical identity)?

  1. Review your insurance statements.  If you get them through the mail, read them.  If you access them online, check regularly to be sure that your records reflect accurate services provided to you and your family.
  2. Many providers allow patients to access healthcare information electronically.  If you use this option, be sure that you safeguard your access information (username/password).  
  3. Be leery of "free" health services or product offers that require you to provide your health plan identification information.   If it's truly free, there is no reason anyone needs your insurance information. 
  4. Never provide your health plan identification information to callers unless you initiated the contact. 
  5. Keep your health care information in a safe place.  Shred old/unnecessary information.
  6. Be mindful that it may be possible to use your medical identity without your insurance information.   If asked to provide your social security number, be sure to ask why it's needed, how it will be safeguarded, whether the information will be shared and if it is shared - with whom.  Also, read the Privacy Policy if the request is made on a website. 

If you discover that your medical identity has been used by someone other than yourself you must take action.

  1. Request copies of your medical records for treatment, etc..  Federal law provides you the right to know what is in your medical records.  Scrutinize your files for errors.
  2. Contact the healthcare professionals that provided services to the thief (physician, clinic, hospital, pharmacy, laboratories and other providers).  Request that the records and details regarding the service from the individual who provided services be provided to you in writing.
  3. If the provider refuses to provide you the information in writing, contact the person listed in the Notice Privacy Practices, Patient Representative or ombudsman for the organization.   Contact  the U. S. Department of Health and Human Services' Office for assistance.
    Image source:  http://oig.hhs.gov/fraud/medical-id-theft/OIG_Medical_Identity_Theft_Brochure.pdf


  1.  Contact your health insurance company to notify them that your medical identity has been compromised.  Provide specific details including the medical records and what information is incorrect.  Provide them information that demonstrates that the information is incorrect.  Direct them to remove the information and notify the providers.  If you do this over the phone document the conversation (date, time, who you spoke with, what was said).  Back up the phone call with written documentation to the insurance company.  Send all written correspondence with certified mail with a return receipt. 
  2. Contact medical professionals involved in the fraudulent care.  Tell them that the patient was not you.   Direct them to remove the information from your medical records.  Back everything said on the phone up with a paper request.  Send certified mail.
  3. The insurance company and health care provider MUST respond to your written correspondence within 30 days.
  4. Retain all documentation in a safe place.


Medical identity theft could be a serious issue for you!   If you are in a situation where you are unable to speak for yourself (for example if you are the victim of an accident) erroneous information in your medical files could cause serious problems with your care.  Protect the health information to the best of your ability then monitor your insurance records and finally take steps to remedy issues with your medical identity if you discover issues.   

No comments:

Post a Comment