Thursday, February 12, 2009

Medical Identity Theft Part Two

In my last column I talked about medical facilities doing very well as regards the HIPAA requirements to protect patient sensitive and personal information. The thrust of the article however, was to emphasize the value and importance of staff awareness training on identity loss and theft. Below is a short piece that reinforces that point. Although Kaiser is a pioneer in using electronic medical records, and has sophisticated systems to govern how patients' information is used and protected, this relatively unsophisticated crime occurred right under their noses.
Unknown to Kaiser, someone stole the personal information of Kaiser employees! HIPAA doesn't address personnel files, only those of patients. Owing to a compliance mentality the hospital group sought compliance with the law as a risk management tool but did not train the HR or payroll staff on how to protect the employees' files. The protection of personally identifiable information must be a holistic business to include both clients and employees or it is only half a program. It must include awareness training or it will not be effective.

"Kaiser Permanente is notifying nearly 30,000 Northern California employees that a security breach may have led to the release of their personal information. Some employees have reported identity thefts resulting from the breach,Kaiser reported.A law enforcement agency seized a computer file with Kaiser data from a person who was subsequently arrested. The suspect was not a Kaiser employee. The file contained the type of information typically held by a human resources department, according to a written statement issued by Gay Westfall, senior vice president of human resources for Kaiser. "

2 comments:

Anonymous said...

Great posts on medical identity theft from the perspective of hospitals and other health care facilities. We recently talked about medical ID theft on our blog from the consumers' point of view, and it's definitely an important issue for those on the business side to understand and prepare for as well. Medical ID theft can be very dangerous, as it can lead to costly and potentially fatal mistakes in care.

Anonymous said...

I'm glad that you wrote about this. Keep writing about HIPAA. Most consumers have never heard of it.

George
Editor
http://ivebeenmugged.typepad.com