PHI is a bankable commodity. Hackers steal data and sell it to fraudsters. Individuals borrow or trade health information to fraudulently obtain coverage for services. Medical identity theft is a highly personal crime that can impact the victim's finances, personal and professional life, and health. Protecting this data is a tall order and involves staff in diverse departments, from front desk registration to information security.
"It doesn't take much to steal a credit card and use it for a hit-and-run buying spree, but healthcare data includes far more personal information," says Kate Borten, CISSP, CISM, HCISPP, founder of The Marblehead Group in Marblehead, Massachusetts. PHI often includes the individual's name, address, and Social Security number, along with medical record numbers and insurance identification numbers.
Understanding how to detect medical identity theft and how to mitigate its effects can help organizations reduce the prevalence of such crime.
Medical identity theft can be difficult to detect, says Chris Apgar, CISSP, founder of Apgar and Associates, LLC, in Portland, Oregon.
"There is no national tracking system in place like there is with, say, theft of credit card data. I could perpetrate Medicaid fraud using the same data in multiple states, and unlike with credit cards, there is no national system to detect and shut down medical identity theft," he says.
Q: If my medical waste includes PHI, do I need a BAA with our waste management vendor?
A: Yes. For example, clinics and hospitals contracting with bio-waste disposal vendors that dispose of IV bags execute a BAA with the bio-waste disposal vendors. It's no different than the requirement to execute a BAA with a document shredding vendor. If the vendor will come in contact with PHI, a BAA is in order.
Editor's note: Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
It's no secret that hospitals struggle with assigning the most appropriate status for patients, and this challenge is compounded by CMS' frequent changes to its regulations and guidance. To combat incorrect patient status assignments, one hospital has developed a system that rewards employees for speaking up when they suspect a patient's status is incorrect.
So many people struggle early in their careers with finding a perfect fit for their talents and passion. My story is exactly the opposite. My entire family is in healthcare, so I chose my career quite naturally. Though I had a bit of a circuitous route into my final landing place, I cannot say I'm surprised to have landed here.
Reconciliation is a noun meaning "the process of finding a way to make two different ideas, facts, etc. exist or be true at the same time." In the world of clinical documentation improvement (CDI), "reconciliation" typically refers to diagnosis-related group (DRG) reconciliation, which is the process of adjusting DRGs when those assigned by the CDI specialist do not match those assigned by the coder.