Recent studies show the following:

• Out of five industry categories, the medical/healthcare industry had the most data breaches in 2014 — for the third year in a row — totaling 41.5% of all security breaches last year.
• Medical identity theft has nearly doubled in the past five years, according to a 2014 study by the Medical Identity Fraud Alliance (MIFA).
• The MIFA study also found there were almost 500,000 more victims of medical identity theft in 2014 than in 2013.

Why are your dental records so valuable to data thieves? Because just one patient record contains a treasure trove of identity information that hackers can exploit, including the following:

• Full name and birth date
• Social Security and Medicare numbers
• Home and email addresses
• Names of parents and other family members
• Work and home phone numbers
• Photos, prescriptions, and more

Some dental records also include payment information, such as driver’s license, credit card, and bank account numbers. These records bring top dollar on the black market. Just one Medicare number can sell for close to $500.

6 steps

To protect your practice from hackers and avoid data theft, follow these steps:

1. Educate your staff

2. Protect mobile devices

3. Extend security policies to your business associates

4. Be wary of email

5. Keep your system software and antivirus programs up to date

6. Protect your network server

Click here to read the full article and details on protecting your patient data.

April 1, 2016 by Jonny Brennan, MD, DMD, MPH, DrBicuspid.com

Meredith Phillips, chief information privacy & security officer at Henry Ford Health System in Michigan, was presented the PHI Hero Award at the 2016 PHI Protection Network Conference in Philadelphia last week.

Phillips was recognized for building a culture of privacy and security across all departments and developing an innovative approach to data breach response. The first step toward a more nimble response to data breaches was the establishment of a new Information Privacy Office (IPO), which has approximately 60 employees, with an expanded scope to include all confidential data. Rather than individuals at separate facilities managing privacy, the new centralized IPO structure ensures consistency and allows the organization to respond more rapidly to new regulations.

Phillips recently became president of the board at the Medical Identity Fraud Alliance, which provides leadership, education and awareness to drive the development of best-in-class technologies and influences changes to regulation, regarding personally identifiable information and protected health information (PHI). She also became the chair of the Michigan Healthcare Cybersecurity Council, an independent public-private partnership whose mission is to protect the critical healthcare infrastructure in the State of Michigan and to mature and advance the state of cybersecurity preparedness across the healthcare industry in Michigan.

In accepting the award, Phillips described some of the challenges she has faced at Henry Ford and how she has learned from them. She said getting senior-level executives to embrace change is critical.

Click here to read the full article.

March 22, 2016 by David Raths, Healthcare Informatics

South Bay man Ronnie Bogle gave an emotional courtroom statement at the sentencing hearing for his brother Gary Bogle, saying Gary “tortured” him for years by stealing his identity and using it for medical treatment at hospitals around the country. Authorities call this medical identity theft, and the Medical ID Fraud Alliance estimates this crime victimized 2.3 million Americans in 2014.

Santa Clara deputy district attorney Tom Flattery asked the judge to impose a stiff penalty, saying this type of identity theft is “much more serious” because it involved medical information and records, not just financial information.

Ronnie said he’s spent countless hours over the past five years trying to clear his name. He described a personal nightmare dealing with damaged credit and fighting with hospital billing departments over tens of thousands of dollars in charges for treatment he never received.

Click here to read the full article and watch the newscast video.

Click here for Ronnie’s original story, March 2015.

March 8, 2016 By Vicky Nguyen and David Paredes, NBC Bay Area

The largest health care privacy breach in Ohio occurred in Springfield late last year when a contractor working for Community Mercy Health Partners inadvertently disposed of more than 113,000 medical records in a public recycling bin.

A 2009 law was supposed to strengthen government oversight of health care providers, but at least one of its key provisions hasn’t been implemented and the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) was called out by its Inspector General last year for not being proactive enough.

Since then, health care providers have reported more than 1,400 large breaches that involved more than 500 individuals, affecting more than 155 million people. The office has also investigated more than 125,000 smaller breaches and complaints.

Many in the industry point out that big data and health care have only been synonymous for about the past five years, meaning the systems and enforcement are still growing and maturing.

“Having a wealth of cyber data is recent for health care,” said Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance.

Hospitals haven’t been out front in terms of innovating to protect against fraud like banks were several decades ago, experts said, but it’s a much more complex industry.

In most cases, especially those involving hacking, organizations don’t have a willful disregard of the law. OCR looks to see that all efforts have been made to follow procedures and correct errors.

Some patients affected by local breaches said they were left with more questions than answers. “A letter’s not going to save my kids from identity theft,” Lisa Cornelison said.

Medical identity fraud can be particularly harmful, Patterson said.

Patients can find that someone who accessed their insurance information has maxed out their coverage limits for the year. A victim’s medical information can become co-mingled with the thief’s as well, such as wrong blood types or allergies listed.

“Over 20 percent of medical identity theft victims experience some form of negative health outcome,” Patterson said.

Click here to read the full article.

February 4, 2016 By Katie Wedell, Springfield News-Sun

PHILADELPHIA — March 3, 2016 — Rising cyber risks and new threats to healthcare data require new approaches to safeguard protected health information (PHI). At the forefront of new privacy and security approaches is Meredith Phillips, CHC, CHPC, HCISPP, ITIL, chief information privacy & security officer at Henry Ford Health System, who will be presented with the PHI Hero Award at the 2016 PHI Protection Network Conference, taking place March 17-18, 2016 in Philadelphia. Attendees will hear from state and federal agencies and practicing security and privacy professionals about what organizations can do to manage the new data threats and address the rise in cyber-crime.

At the fourth annual 2016 PHI Protection Network Conference, Meredith Phillips, CHC, CHPC, HCISPP, ITIL, will be honored for her commitment to and outstanding work in privacy and security at Henry Ford Health System. There, she has built a culture of privacy and security across all departments and is a leading example of how other organizations can do the same. Meredith’s passion for protecting people and their health information spans her 22-year career. As chief information privacy & security officer at Henry Ford Health System, she is a strategic leader with solid processes and goals, an eye for technology and regulatory requirements, an innovative approach to data breach response, and most notably, her work to unify the entire organization and adopt a culture of privacy and security.

Based in Detroit, the Henry Ford Health System is one of Michigan’s anchor institutions and is comprised of hospitals, medical centers, and one of the nation’s largest group practices. Meredith recently became president of the board at the Medical Identity Fraud Alliance (MIFA). MIFA provides leadership, education and awareness to drive the development of best-in-class technologies and influences changes to regulation, policies and law regarding Personally Identifiable Information (PII) and Protected Health Information (PHI). Meredith also became the chair of the Michigan Healthcare Cybersecurity Council (MiHCC). MiHCC is an independent public-private partnership whose mission is to protect the critical healthcare infrastructure in the State of Michigan and to mature and advance the state of cybersecurity preparedness across the healthcare industry in Michigan.

Click here to read the full press announcement.

March 3, 2016 by ID Experts, PHI Protection Network

Healthcare-related data breaches and medical identity theft and fraud are on the rise.

Thieves that intend to use your medical, insurance or financial information for themselves often don’t get all the information they need in one place. They are good at aggregating details to create a complete medical identity profile they can exploit, according to the Medical Identity Fraud Alliance.

The group and other security experts gave tips to make sure you’re not handing over the bit of information someone needs to assume your medical identity.

Click here to read the full article and tips to protect yourself.

February 3, 2016 By Katie Wedell, Springfield News-Sun

The victim, Ronnie Bogle, lost much more than his financial information — his entire medical history was hijacked as well.

Bogle lives in San Jose and had never visited Washington, but his criminal history, medical history and credit history said otherwise. Police say his brother Gary Bogle had been living as a transient in Washington and used Ronnie’s personal information to obtain treatment during expensive ER visits. He also used Ronnie’s name during multiple arrests for crimes related to drunken behavior.

The result was an extensive criminal record in Washington under Ronnie’s name and a long list of unpaid medical bills that destroyed his credit, leaving him unable to qualify for a credit card.

Beyond the financial concerns, medical identity theft can have deadly consequences. Vital information such as blood type, allergies and ongoing prescriptions can become distorted.

“It really presents a patient safety issue if we aren’t dealing with an individual as they present themselves, because a lot of information is in a medical record that we rely on to help treat individuals,” said Sydney Bersante of St. Joseph’s Hospital in Tacoma. St. Joseph’s was one of the facilities where Gary Bogle received care under Ronnie Bogle’s name.

A study by the Medical ID Fraud Alliance called medical identity theft 20 times more lucrative than traditional credit card theft.

Click here to watch the news cast and read the full article.

March 4, 2016 By Danielle Leigh, KING 5 NBC News

According to the Medical Identity Fraud Alliance, over two million Americans were victims of medical identity theft in 2014, a 22 percent increase since 2013. Many thieves will steal health insurance numbers to gain access to prescribed drugs, to see medical practitioners or to file claims with your health insurance provider. Medical identity theft is dangerous to consumers of health insurance. Victims of medical identity theft have ended up paying at least $13,000 to resolve the issues according to MIFA.

One of the most frustrating things about being a victim of medical identity theft is the process of resolving the issue. A survey done by MIFA found that only 10 percent of the participants were completely satisfied with the conclusion of resolving their incident.

Learn tips such as:

• Read your medical and insurance statements.
• Have copies of your medical records.
• Request the accounting of disclosures for your records.
• Not sharing your medical and health insurance information with anyone that asks for it over phone or email, unless you are the one initiating contact.

Click here to read the full article.

February 3, 2016 By Gina Noe, The Richmond Register

The Department of Health and Human Services explained its efforts to combat medical identity theft in a Jan. 20 letter to the Senate Senate Health, Education, Labor and Pensions (HELP) Committee.

The letter was in response to a request by Senate HELP Committee and Finance Committee leaders in November for information about how the federal government is working to curb the rise in medical identity theft.

Members of the Senate HELP Committee who aren’t satisfied with the HHS’s plan for helping victims of medical identity theft are mulling ways to improve federal fraud-fighting efforts.

The issue could reignite debate over a provision in the Affordable Care Act that capped health-care organizations’ spending on fraud prevention, an official with a national nonprofit that works to reduce medical identity theft told Bloomberg BNA Feb. 2.

“The government has a role to play in incentivizing private industry to do the right things,” Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance, said.

Click here to read the full article.

February 3, 2016 By Alex Ruoff, Bloomberg BNA

Members of the Senate Health, Education, Labor and Pensions (HELP) Committee aren’t satisfied with the HHS’s current plan for helping victims of medical identity theft and are mulling ways to improve federal fraud-fighting efforts, an aide for the committee’s Republican majority told me recently.

The federal government could bolster private sector efforts to combat medical identity theft by removing fraud spending from insurers’ medical loss ratio calculation, Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance, said. This provision of the Affordable Care Act has prevented health plans from expanding their fraud prevention programs even as data breaches increasingly become an issue for the industry, she said.

“The government has a role to play in incentivizing private industry to do the right things,” Patterson said.

The ACA requires insurers to submit data to the HHS on the proportion of premium revenues they spend on clinical services and quality improvement compared with other spending such as administrative overhead, which includes fraud prevention programs. Insurers must spend at least 80 percent of the money they receive from premiums on clinical care.

However, Patterson said, fraud can interfere with clinical care, causing misdiagnoses and delays in care, and therefore should be considered a contribution to clinical care under medical loss ratio requirements, an argument insurers tried unsuccessfully to make when the ACA was first passed.

Click here to read the full article.

February 2, 2016 By Alex Ruoff, Bloomberg BNA