The Health Insurance Portability and Accountability Act (HIPAA) was enacted to ensure the safety and confidentiality of electronic health data. If you are a physician, your practice should have stringent measures in place to safeguard medical data, including HIPAA-compliant medical billing and coding practices. If you outsource these tasks, your service provider should have administrative, physical, and technical safeguards in place to protect the data you entrust to them.
Compliance with HIPAA extends to all covered healthcare entities, including health insurers. The recent Anthem breach shows how the personal information of millions of insured individuals can be compromised, and it is being debated whether the incident constitutes a HIPAA violation.
The Anthem breach
While reliable medical outsourcing companies can provide secure, HIPAA-compliant solutions for physicians, insurance companies are at significant risk of data theft. The healthcare industry is currently in a precarious situation following the news that Anthem's confidential customer and employee health information was accessed by attackers.
The extent of the breach could be very large: the intrusion was detected only at the end of January 2015, and many questions remain about when the attack began and how much data was taken. Up to 80 million records are reported to have been exposed. Many believe it may be the largest data breach ever reported by an organization in the healthcare industry.
According to the health insurer, the exposed data included names, Social Security numbers, dates of birth, addresses, income data and other employment information, and email addresses. Reports indicate that no theft of medical information, credit card details or other financial information has been detected so far. Anthem described the attack as a "sophisticated" one aimed at gaining unauthorized access to the company's IT systems. Those affected include not only current members but also former ones.
Identity theft in the healthcare industry is especially serious because, unlike fraud in the financial sector, it is often not detected immediately. Patients or providers may learn of the misuse only years later, by which time the data could already have been exploited. Anthem said it would notify each affected person individually, but a stolen Social Security number and date of birth cannot be reissued, so the consequences of the theft can follow victims for the rest of their lives.
To help victims stay on guard, Anthem said it would provide them with free credit monitoring and identity protection services. These alert customers to suspicious activity on their credit reports and to attempts by someone else to use their identity.
What can consumers do?
Experts advise that victims should not wait for Anthem's measures but should act themselves by placing fraud alerts with the credit bureaus. This helps them stay protected until Anthem's credit monitoring service is in place. A fraud alert makes it harder for anyone posing as the victim to open a loan or credit account, because lenders must take extra steps to verify the applicant's identity.
What should healthcare providers do?
The Anthem experience offers some important lessons. The following measures can help healthcare entities guard against a cyber attack:
- Conduct risk assessments. Healthcare providers should perform a security risk analysis on a regular basis, as this is a requirement under the HIPAA Security Rule
- Encrypt all protected health information, both stored and in transit. Encryption is an "addressable" specification under the Security Rule, but data that was properly encrypted at the time of a breach is generally not treated as a reportable breach. One report says that Anthem had not encrypted its stored personal data
- Deploy a firewall, as hardware and/or a software configuration, that denies all traffic by default and allows only the connections that are valid and necessary
- Enforce strong, unique passwords on all systems, add multi-factor authentication for remote and administrative access, and rotate credentials promptly whenever compromise is suspected
- Train staff on HIPAA-compliant policies and on recognizing phishing, which is a common entry point for attacks of this kind
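The encryption item above is the one the Anthem reporting highlights, so here is what "encrypt stored data" looks like in practice. This is an added example written for this page, not code from Anthem or from any billing vendor. It uses AES-256-GCM (authenticated encryption), binds each ciphertext to its record identifier so a ciphertext cannot be silently copied onto another patient's record, and assumes the data key itself is stored and rotated in a KMS or HSM rather than alongside the data. The sample record is constructed and contains no real patient information.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Constructed sample PHI record for demonstration only; not real patient data.
var sampleRecord = []byte(`{"patient_id":"P-1001","dob":"1970-01-01","ssn":"000-00-0000","dx":"E11.9"}`)

// newDataKey returns a fresh 256-bit AES key. In production the key comes from a
// KMS or HSM and is never stored next to the ciphertext (assumption: the caller
// handles key storage and rotation).
func newDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealRecord encrypts a record with AES-256-GCM under a random 96-bit nonce.
// The record identifier is passed as additional authenticated data, so the
// ciphertext only decrypts when presented with the same identifier.
// Output layout: nonce || ciphertext || tag.
func sealRecord(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// openRecord reverses sealRecord. Any change to the nonce, ciphertext, tag or
// record identifier fails the authentication check and returns an error.
func openRecord(key []byte, recordID string, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

// roundTripDemo seals the sample record and checks three properties: a faithful
// round trip succeeds, a corrupted tag is rejected, and the same ciphertext
// presented under a different record identifier is rejected.
func roundTripDemo() (ok, tamperRejected, swapRejected bool, err error) {
	key, err := newDataKey()
	if err != nil {
		return
	}
	sealed, err := sealRecord(key, "P-1001", sampleRecord)
	if err != nil {
		return
	}
	pt, err := openRecord(key, "P-1001", sealed)
	if err != nil {
		return
	}
	ok = bytes.Equal(pt, sampleRecord)

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the authentication tag
	_, e := openRecord(key, "P-1001", tampered)
	tamperRejected = e != nil

	_, e = openRecord(key, "P-2002", sealed) // ciphertext moved onto another record
	swapRejected = e != nil
	return
}

func main() {
	ok, tamper, swap, err := roundTripDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("round trip ok=%v, tamper rejected=%v, swap rejected=%v\n", ok, tamper, swap)
}
```

The design point is that confidentiality alone is not enough for stored PHI: GCM's authentication tag and the record identifier in the additional data mean a database administrator or attacker who can rewrite rows cannot modify a record or reassign one patient's data to another without the change being detected at read time. Encrypting data at rest does not help if the key lives in the same database or backup, which is why the key handling is left to a KMS here.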
Importance of Choosing a HIPAA Compliant Outsourcing Partner
All healthcare organizations that store or transmit electronic protected health information must ensure HIPAA compliance. Non-compliance can result in severe civil and criminal penalties. That is why it is critical that physician practices looking to outsource their medical billing and coding tasks choose a HIPAA-compliant service provider, and confirm that compliance through a signed business associate agreement rather than relying on the vendor's claims alone.
Experienced medical billing companies have stringent measures in place to ensure that all protected health information (PHI) they receive remains secure and confidential. Their teams of medical coders and billing specialists are trained in HIPAA requirements and help physicians maintain compliance with the latest federal regulations.