Stolen patient information can serve many purposes, whether to satisfy one’s curiosity or for medical and financial incentives. To prevent insider abuse of patient information, experts often recommend performing background checks. However, background checks only provide information about an employee’s past history, and, as they say in the investment community, past performance offers no future guarantee. An employee with a clean past can still cross into the dark side at a future time for a variety of reasons, as we have discussed in the Fraud Drivers article. A background check is a great start and should be part of a broader business security practice, but it is only one piece of the big picture in preventing abuse of patient information.
That being said, from a business standpoint, companies can complement background checks with prevention and detection processes, such as monitoring employee activity online and offline with closed-circuit television (CCTV) and computer software. Preventing employees from performing certain tasks, such as emailing large files outside the company unless authorized, and monitoring access to and movement of all information, especially in its digital format, can greatly reduce patient information security risks.
As for individuals, they are really at the mercy of the businesses that collect their personal information to protect it from being stolen or shared with others without authorization. However, patients can also avoid becoming victims of stolen patient information by sharing less information, as suggested by the Identity Diet program. One way to share less medical and personal information is to avoid switching doctors and insurance providers as much as possible. As we all know, every time we visit a new doctor or sign up for a new insurance plan, we are forced to fill out a multitude of personal information sheets, which increases our risk of identity theft. Although there are laws such as HIPAA and the Red Flags Rule to force businesses to think about and maintain the highest standards for privacy and security, businesses will continue to witness and report cases of stolen patient information due to untrained employees, lack of budget to properly shred and dispose of old or unused patient files, and carelessness.