How to Prevent Medical Identity Theft
Medical identity theft has become a serious threat for patients, as hackers and cyber criminals have been targeting the healthcare industry at alarming rates. So why are medical records so valuable to data thieves? Personal medical data is said to be more than ten times as valuable as credit card information. Just one patient record contains an enormous amount of identity information that hackers can exploit, including social security numbers, birth dates, addresses, credit card information, telephone numbers, Medicare numbers, and prescriptions.
Keeping this patient information safe from cyber-thieves must be a top priority for hospitals, healthcare organizations, urgent care facilities, and medical offices. The following are a few best practices that will help ensure your patient’s medical data is safe:
- Education- Educating your staff can be a first line of defense against data theft. Ensure your employees are informed on privacy policies, security measures, how data breaches occur and how to prevent them. Build staff awareness of medical identity theft and how to keep patient data secure.
- Email- Many attempts for data breach occur through unsolicited emails called “phishing.” Instruct employees never to open emails, attachments, or links from an unknown sender.
- Mobile devices- Protecting devices such as laptops, smartphones, and tablets with encryption and passwords is another way to avoid a potential data breach.
- Antivirus- Keep software and antivirus programs regularly up to date.
- Secure wireless networks and server- Set up firewalls and antivirus for all devices. Make sure your router and any other components are updated, network passwords are frequently changed, and unauthorized devices cannot access the network. Lock down your network server so that it cannot be physically removed from your office and lock up any backup or storage devices.
Common mistakes practices make:
- Employees sharing workstations or user IDs
- Leaving screens or workstations unsecured
- Sending patient medical information via unsecured email
- Using unsecured laptops, tablets, and smartphones
- Sending patient medical information through text messaging
- Speaking about private patient medical information to friends, family, patients or other medical offices.
- Failure to obtain the proper release/consent form to release patient medical data.