Experts predict federal law on medical ID theft

After the presidential election, the new United States Congress is expected to bring a proposal to strengthen federal law against medical identity theft. Medical identity theft is developing into a new type of crime on American soil: the fraud costs the health care system billions of dollars and threatens the well-being of the thousands of people whose medical identities are stolen.

“We are going to see legislation, probably in 2009, that addresses this in some way,” said Marcy Wilder, a health information law expert and partner at Washington law firm Hogan and Hartson. Wilder made these remarks at a Medical Identity Theft Town Hall meeting sponsored by the Office of the National Coordinator for Health Information Technology.

Until a new law takes effect, the Health Insurance Portability and Accountability Act (HIPAA) provides the strongest legal remedy against medical identity theft, Wilder added. Identity theft laws are in force in 40 states; however, Arkansas, California and Delaware have special provisions under which medical information can be passed on.

Under current laws, including HIPAA, a person can view the contents of his or her medical record to judge the accuracy of that information. So reviewing this information to check for medical identity theft is not fraud.

Some New Modifications under HIPAA

Whatever the implications and provisions of HIPAA (Health Insurance Portability and Accountability Act of 1996), the most debated issue is still the communication of health information to a patient’s friends and family members, which has remained crucial ever since HIPAA came into being.

To some extent, HIPAA has made it a frustrating experience for a patient’s family members and friends to get all the relevant information. Anyone can become despondent and frustrated when he cannot get information about a loved one who is hospitalized. However, new guidance issued by the U.S. Department of Health and Human Services may bring some transparency to how a patient’s information is shared with those close to him.

Under the new regulation, a health service provider can share a patient’s information face to face, over the phone, or in writing with people close to the patient. Moreover, a person close to the patient, or anyone paying on the patient’s behalf, is not required to produce proof of identity. It is left to the health service provider to decide how it establishes a person’s identity and whether to provide him with any information.

Here are the changes:

•    Patient Guide: When Health Care Providers May Communicate About You with Your Family, Friends, or Others Involved in Your Care
•    Provider Guide: Communicating with a Patient’s Family, Friends, or Others Involved in a Patient’s Care

Stark Health IT Bill Calls For Medicare Incentives for Doctors and Hospitals

New technology legislation that provides incentives for using health IT, and disincentives for failing to follow its health IT provisions, was proposed by Rep. Pete Stark, Chairman of the House Ways and Means Committee’s health subcommittee, on September 15th.

The bill, the Health-e Information Technology Act of 2008, is expected to increase privacy protection for health information and advises the Health and Human Services Department to make a low-cost, open-source, standards-compliant health IT system by 2012.

If the bill becomes law, both doctors and hospitals will receive incentive payments in the form of Medicare bonus fees for using an e-medical record system: up to $40,000 over five years for doctors and up to a million dollars for hospitals. To ensure security, the bill includes strict laws and enforcement rules, and anyone found guilty of breaching security would be penalized under the Health Insurance Portability and Accountability Act of 1996.

“It shuts down the secondary market that has emerged around the sale and mining of patient health information by prohibiting the sale of patient information and applying stiff penalties to any individual or entity that uses or discloses health information in an unauthorized way,” Stark said.

Government Agencies Have Finally Swung Into Action to Implement HIPAA

On the data security front, the US Department of Health and Human Services (HHS) audit of Piedmont Hospital in Atlanta opened a debate over the federal government’s willingness to enforce HIPAA’s security and privacy rules.

Following in the footsteps of the Piedmont audit, approximately 18 months later, a strict agreement was signed between HHS and Seattle-based Providence Health & Services. After the enforcement agency audited the health service provider, Providence agreed on July 18th, under the provisions of the agreement, to follow a corrective action plan (CAP) and pay $100,000 to settle ‘potential violations’ of the Health Insurance Portability and Accountability Act’s rules for the security of electronic patient data.

The loss or theft of laptops, optical discs and backup tapes holding the unencrypted medical records of more than 386,000 Providence patients led HHS to look into the issue of data security under the provisions of HIPAA. Under the CAP, Providence will have to restructure its security policies, including physical protections for portable devices, for networking and for the storage of backup media.

Among the data security measures, it was also agreed that there should be an encryption and password protection scheme and an audit of the company’s operations in all five states where it operates. The plan also requires Providence’s chief security officer to personally validate that all the policies are being followed properly. Under the CAP, Providence Health & Services agreed to take the following steps:

* “Revise policies and procedures for safeguarding patient data while it is stored at or being transported to off-site facilities.
* Train all workers on security policies and submit proof to HHS that the training has been completed.
* Update policies as needed, but at least on an annual basis.
* Ensure that a security risk assessment and management plan and a data breach notification policy are in place.
* Conduct reviews that include unannounced audits, spot checks and site visits at company facilities.”

This action has sent a clear message to other service providers that it is time to get prepared and follow the requirements of HIPAA for medical data security.

Medical Establishments Should Concentrate on EMR Software

Since the Health Insurance Portability and Accountability Act came into force, the formality and complexity of running a paper-based office have increased. The most difficult part of HIPAA is that the responsibility for regulating and carrying out its clauses lies entirely with medical establishments and hospitals. Many procedures are being digitized, with paperwork required only rarely, and in most cases only once during the life of an implemented procedure.

Most medical data is now managed through electronic medical records and automated functions; however, cases of medical records theft have raised new concerns for law enforcement agencies. To keep things under regulation, the Department of Health and Human Services (HHS) last year started unannounced HIPAA audits, forcing offices and hospitals to keep their policies and practices involving patient records consistently up to date.

In such a stressful situation, a medical establishment can contact an EMR software company to provide a system and a basis for effectively abiding by the clauses of HIPAA. Be sure any system that you are buying is HIPAA compliant. HIPAA compliance software includes digital signatures and encryption on all patient information, an intra-office database, and safe, secure backup capability. In your search for EMR software, look for software that has already been certified as HIPAA-compliant, preferably by multiple independent organizations.

Security Cautions While Doing Network Scanning

Whatever the reason for it, before starting any sort of network scanning program it is essential to have access to an existing secure network that includes a secure file storage system. In addition, governmental regulations such as Sarbanes-Oxley or HIPAA (Health Insurance Portability and Accountability Act) require security while network scanning is in progress.

Many issues have to be settled when employee files are scanned, and at the top is the security question of who should be given responsibility for scanning and retrieving files. During network scanning many people gain access to the network, so security is important at every stage. To keep network security a top priority, hardware manufacturers are working with software developers to establish security measures for authentication and document security.

Security features such as SMTP (Simple Mail Transfer Protocol) and LDAP (Lightweight Directory Access Protocol) authentication let a user transfer scanned, protected digital files. Other issues related to network scanning, such as technical incompatibility with the network file server and slower network performance caused by the scanning, also need to be addressed.

How to Cope With the Problem of Medical Identity Theft?

Medical identity theft is a criminal activity in which an individual or group of individuals steals someone’s identity in order to get medical supplies or services. This type of theft is generally committed by two groups of people: those who are known to you, and insiders, meaning someone in the hospital where your medical records are kept or anyone closely associated with your medical service provider.

Your medical information is then passed on by the thief to crime rings, ID thieves and individuals for money. Never leave your SSN (Social Security Number) or health record number lying anywhere, and never allow anyone to use your number, as it can be misused.

The least you can do to protect your medical record is to demand your health records when visiting a doctor. This cannot stop anyone from stealing your medical records, but at least you will have a hard copy of them. Most people do not know they are victims of identity theft, and when they do find out, it is the hard way. They receive medical bills for services they never used, and at worst they get arrested through no fault of their own.

Getting your medical identity back is a difficult process, and different medical centers take different positions on your complaint. You can start by filing a police report. If you are still facing problems, the best you can do is ask for a copy of HIPAA (Health Insurance Portability and Accountability Act). HIPAA does not provide for the legal deletion of your medical record; however, you can make an amendment to the record.

Even bill collectors are very difficult to get rid of unless hospitals and service providers are co-operative. It can take years to get your medical identity back.

HIPAA Leading Doctors towards Minimal Use of E-Mail

As in all other areas of life, e-mail has developed into an effective medium of communication in the medical world and among doctors. It has solved a real problem for the physician, who can save valuable time that would otherwise be spent making and returning patients’ telephone calls.

E-mail communication has made good sense in the medical industry, as it has cut the time between doctors and patients down to the 15-minute appointment and put the medical record within reach at the click of a mouse. However, legal complications have dampened doctors’ interest in communicating with patients this way, because of the expense of installing a secure, encrypted system and the loss of hard-earned money.

According to a Manhattan Research survey, 36 percent of US physicians are communicating with patients via e-mail, instant messaging or secure messaging services.
“One major drawback why physicians aren’t using e-mail is they don’t know the legal ramifications,” said Mike McCann, a Vermont Law School professor and a visiting professor at the Boston College Law School.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, requires that “electronic protected health information,” including e-mail, be communicated securely, or encrypted. This has kept doctors from using e-mail as a form of communication. Whatever the cause, e-mail in practice reduces the number of phone calls and faxes from patients, so the spread of e-mail is inevitable.