Media Room

Recent reports of widespread identity theft and cyber-crimes highlight the need for everyone to minimize exposure to personal identity theft and other cyber-crime scams. Identity theft is the use of someone else's name for fraud, and cyber-crime is the use of a computer for fraud. The practice of committing identity theft and cyber-crimes is reaching epidemic proportions!

Unfortunately, the healthcare industry makes an attractive target for identity theft and cyber-crime because large volumes of protected health information [PHI] are collected and maintained. In addition, provider offices and hospitals in particular tend to be open environments, especially since they send electronic claims transactions. We all want good medical care, and this means that our PHI must be freely sent between health care providers and health plans, but we need to ensure good privacy and security protections.

The major data elements that are most often sought in identity theft and cyber-crime include:

  • Your name;
  • Your sex;
  • Your date of birth;
  • Your home address/zip code;
  • Your Social Security number; and/or
  • Other identifying numbers such as your ATM PIN number.

Most of these data elements can be found in your medical, clinical and business records.

The methods that cyber thieves use include:

  • Stealing records or information while working as employees or contractors;
  • Bribing or duping employees or business partners;
  • Hacking into records;
  • Stealing mail;
  • Harvesting trash;
  • Skimming using various data storage devices; and/or
  • Posing as a legitimate business when requesting information on the Internet.

Fraudsters want access to your bank accounts and credit cards so that they can get false credit cards using your name and other data elements.

Three Major Protective Steps

There are three major steps that FEP uses to protect your PHI from identity theft and cyber-crime: deter, detect, and defend.

FEP DETERS identity thieves by safeguarding your information:

  • Shredding documents and other paperwork with PHI before discarding the documents;
  • Protecting all numbers related to your PHI and giving them out only when necessary in compliance with federal guidelines;
  • Not giving out your PHI over the phone, through the mail or over the Internet unless the FEP staff knows who they are dealing with;
  • Never permitting staff to click on links sent in unsolicited emails;
  • Using firewalls, anti-spyware and anti-virus software to protect your PHI;
  • Not permitting the use of obvious passwords such as a first or last name or a pet's name; and
  • Always keeping your PHI in a secure place and never on a computer's hard drive.

FEP DETECTS suspicious activity by routinely monitoring your PHI:

  • Investigating firewall and virus issues immediately;
  • Being alert for items that do not arrive as expected;
  • Being alert for unexpected items, such as calls, email and packages; and
  • Being alert for denials for no apparent reason.

FEP DEFENDS against identity theft and cyber fraud by taking actions as soon as they suspect problems:

  • Using fraud alerts and other forms of communication with its staff; and
  • Filing reports with IT and the appropriate manager for any suspicious communications or lack thereof.

Written by Susan A. Miller, JD, COO, CPO, HealthTransactions.com, and consultant to the BCBSA. Resources include BCBSA HIPAA-related publications and materials.