1. Identity Theft in Health Care Facilities Faith Mondry, J.D.
United States Postal Inspector
2. TYPES OF ID THEFT� Theft of patient identifiers by employee
Theft of patient identifiers by non-employee
Theft of employee information
Theft of paper records, HR and/or medical
Theft of digitized records, HR and/or medical
3. �Ripped from the headlines:�Identity Theft Reported by 33% of Healthcare Organizations� InformationWeek, November 9, 2010 article ID 228200516
4. � Theft of patient identifiers by an employee or contractor
Operation Quick Change
U.S. Postal Inspection Service Case, reported 3/25/2010, Chicago Tribune, janitorial employee alleged to have stolen patient identifiers out of files at night while she was cleaning medical offices
5. Ripped from the headlines: Former Holy Cross Hospital employee pleads guilty to ID theft
-Sun Sentinel, 1/26/2011
Fort Lauderdale, FL ER clerk alleged to have sold patient identifiers for cash
6. Can this type of theft be prevented? Best practices for pre-employment screening
do the most thorough background check available to your facility!
Ask contractors to do the same
Ensure that all personal identifiers are handled on a need to see basis
Ensure that all personal identifiers are properly secured
7. Theft or misuse of identifiers by non-employee
How many stolen laptops do we need to read about before we get the point???
8. �����Ripped from the headlines:��Stolen laptop contained Sebastopol substance abuse patient information��-www.pressdemocrat.com/article 20110114, January 14, 2011�-physicians laptop was stolen at a New York hotel
9. Can this type of theft be prevented? Restrict patient information and access devices leaving the facility
Ensure that any information leaving the facility is encrypted and password protected
Ensure that a policy is in place- and that employees are trained to follow it- when sensitive information goes on the road
10. Classic medical identity theft Patients use another identity to obtain medical services
Fraudulent medical records lead to fraudulent billing to insurance companies
consequences when drug allergies or interactions are under the radar with false patient identities
11. Ripped from the headlines:�ID theft at the doctors office -New Beauty Magazine, March 26, 2009
The Big-Bust Bandit in Orange County, CA used another womans identity to undergo liposuction and breast augmentation at the Pacific Center for Plastic Surgery
12. Where do you keep personal identifier information? Digitized files on desktops and laptops
Who has access? Where are the computers located? Is the area secure from non-critical viewing and usage?
What about after hours?
13. Where do you keep personal identifier information? Paper files should be secured
even during the day when offices are occupied
File cabinets where information is stored should be outside of public/non-critical viewing areas and should have restricted access when practical
14. How well does your physical layout protect you from identity thieves?
15. Where do you place your incoming and outgoing mail?
Postal Inspector
I have to ask.
16. What do you do when a breach occurrs? If an employee is the identity thief
REPORT IT TO LAW ENFORCEMENT and follow institutions protocol for victim notification
If a non-employee is the identity thief
REPORT IT TO LAW ENFORCEMENT and follow institutions protocol for victim notification
17. Privacy Issues Legal issues regarding disclosure to law enforcement
Risk of fraud/ID theft and continued victimization vs. legal requirements to protect patient privacy
Crime on premises
18. Whom do you report it to? State and local law enforcement
Federal law enforcement
Depends upon the nature/scope of the crime
19. QUESTIONS???
