How much patient data is worth on the internet

How much patient data is worth on the internet? More than your credit profile!

The post appeared on June 26, 2014 in EMR & HIPAA

It’s one thing to have a laptop stolen with 8,000 patient records or for a disgruntled doctor to grab his patients’ records and start his own practice. It’s another when the Cosa Nostra steals that information, siphons money from the patient’s bank account and turns it into a patient trafficking crime ring. Welcome to organized crime in the age of big data.

Organized crime syndicates and gangs targeting medical practices and stealing patient information are on the rise. They’re grabbing patient names, addresses, insurance details, social security numbers, birth dates, etc., and using it to steal patients’ identities and their assets.

It’s not uncommon for the girlfriend of a gang member to infiltrate a medical practice or hospital, gain access to electronic health records, download patient information and hand it over to the offender who uses it to file false tax returns. In fact gang members often rent a hotel room and file the returns together, netting $40,000-$50,000 in one night!

Florida is hotbed for this activity and it’s spreading across the country. In California, narcotics investigators took down a methamphetamine ring and confiscated patient information on 4,500 patients. Investigators believe the stolen information was being used to obtain prescription drugs to make the illicit drug.

Value of patient records

Stolen patient information comes with a high price tag if the medical practice is fined by HIPAA. One lost or stolen patient record is estimated at $50, compared to the price of a credit card record which fetches a dollar. Patient records are highly lucrative. The below charts shows the value of patient information that might be sitting in an EHR system:

Amount of Patient Records

Value of Patient Records










Protect your practice

Medical practices need to realize they are vulnerable to patient record theft and should take steps to reduce their risk by implementing additional security. Here are seven steps that organizations can take to protect electronic patient information:

  1. Perform a security risk assessment – a security risk assessment is not only required for HIPAA Compliance and EHR Meaningful Use but it can identify security risks that may allow criminals to steal patient information.
  2. Screen job applicants – all job applicants should be properly screened prior to hiring and providing access to patient information. Look for criminal records, frequent job switches or anything else that might be a warning sign.
  3. Limit access to patient information – employees should have minimal access necessary to perform their jobs rather than full access to electronic health records.
  4. Audit access to patient information – every employee should use their own user ID and password; login information should not be shared. And access to patient information should be recorded, including who accessed, when, and which records they accessed.
  5. Review audit logs – organizations must keep an eye on audit logs. Criminal activity can be happening during a normal business day. Reviewing audit logs can uncover strange or unexpected activity. Let’s say an employee accesses, on average 10 patient records per day and on one particular day they retrieve 50 to 100 records. Or records are being accessed after business hours. Both activities could be a sign of criminal activity. The key is to review audit logs regularly and look for unusual access.
  6. Security training – all employees should receive security training on how to protect patient information, and make sure they know any patient information activity is being logged and reviewed. Knowing that employee actions are being observed should dissuade them from using patient information illegally.
  7. Limit the use of USB drives – in the past it would take a truck to steal 10,000 patient charts. Now they can easily be copied onto a small thumb/USB drive and slipped into a doctor’s lab coat. Organizations should limit the use of USB drives to prevent illegal activity.

The high resale value of patient information and the ability to use it to file false tax returns or acquire illegal prescriptions make it a prime target for criminals. Medical practices need to recognize the risk and put proper IT security measures in place to keep their patient information from “securing” hefty tax refunds

Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website