As healthcare providers, you already have an obligation to protect patient healthcare data strenuously, something demanded not only by HIPAA and other laws, but by every form of legal ethics as well. That being said, it's no fun when you're forced to consider yet another set of security issues that might come into play when protecting your patient data. Unfortunately, that's what you're facing with the specter of medical identity theft.
It's definitely a challenging problem. How many industries have to face the possibility that the person who's enjoying their services isn't who they say they are?
Clearly, the FTC already is on the case, issuing rules that are supposed to help healthcare organizations--and other businesses--develop policies for dealing with identity theft. But I suspect that administrative remedies focused on detection of bad actors are just the beginning. In the future, hospitals may need to do a great deal more to verify that they're treating the right patient, including:
* Biometric scanning: If you want to make sure you've got the right person, retinal scans are hard to beat, as are fingerprint scans. A bit pricey, perhaps, but they may become a necessity.
* Security challenges: As is common when people want to access data or services in the financial industry, make patients answer a one or two-question challenge that requires them to answer personal questions from their medical history accurately, such as "I've had the following surgical procedures: a) open heart surgery, b) gallbladder removal, c) C-section, d) plastic surgery."
* Financial verification: Make sure that the person knows some financial details only the account holder is likely to know, such as the last deposit and the last withdrawal they made from their bank account.
I'm not a security expert--I cite these only from personal experience in how institutions verify my identity--but you get the point. Medical identity theft is a sufficiently potent threat in which security measures that seem extreme today may well become necessary in the future. If it sounds like some dystopian novel, well, I can see your point, but sometimes tough times call for tough measures.
What do you think? Is the industry likely to reach the point where we have to screen patients this intensely? Have you been running into medical identity theft for the purposes of stealing services from your facility or practice, and what are you doing about it? I'd love to learn more. - Anne
P.S. Over at blog Hospital Impact, blogger Tony Chen has offered his list of six implications of the financial meltdown for hospitals. It's worth a read.
Finally, if you have a minute, please click on the following link to take our short survey. It's your chance to tell us about your background and how FierceHealthFinance can better contribute to your success. Three minutes and some clicks of your mouse are all it takes. TAKE THE SURVEY -->