Drugstore Incidents in Baltimore Offer Lessons.

Retail pharmacy chain Rite Aid on June 3 issued a statement to notify the media that an undisclosed number of customers of several of its Baltimore-area stores were potentially affected by breaches of their protected health information as a result of the looting and riots that occurred in late April. Rite Aid says there is no evidence yet that any customer information has been misused. But as a precaution, the company has engaged Kroll, a provider of risk mitigation and response services, “to alert impacted customers via a letter of notification and share with them the proactive measures it has taken to guard against identity theft.”

A Department of Health and Human Services’ Office for Civil Rights spokeswoman highlights HIPAA’s relevant requirements. “The HIPAA Privacy Rule requires a covered entity to have in place appropriate physical and other safeguards to protect the privacy of PHI, including reasonable safeguards to protect against any intentional or unintentional use or disclosure in violation of the privacy rule,” she notes. “Covered entities are also required to address physical and other safeguards under the Security Rule, which includes standards for a facility security plan.”

To help deter medical ID fraud, Ann Patterson, senior vice president and program director of the Medical Identity Fraud Alliance, suggests that affected pharmacies, especially the larger chains with more sophisticated pharmacy information systems, set up alerts to “flag” refill orders and pick-ups for prescription numbers that were impacted by the lootings. Those alerts could include reminders for store personnel to ask customers for ID when picking up prescriptions. “Anytime someone is trying to refill or pick up a prescription, it’s good to authenticate the ID of that person,” she says. “But in the aftermath of lootings and thefts, you really need to do that.”

Patterson also suggests that as a precaution, individuals who are notified by the pharmacies about the looting-related breaches should closely monitor their Explanation of Benefits statements from health insurers for suspicious transactions. That includes unfamiliar transactions that might indicate that someone other than the individual has received medical treatment or prescription medicines using the breach victim’s ID.

June 5, 2015 by Marianne Kolbasuk McGee, HealthcareInfoSecurity