When a Healthcare Data Breach Strikes: Don't Be Exposed Like the Back of a Hospital Gown; 10 Actions Patients Can Take

New Ponemon Study Reveals Hospitals and Healthcare Providers are Sloppy When Dealing with Private Patient Records



TRAVERSE CITY, Mich. and PORTLAND, Ore., Dec. 1, 2011 /PRNewswire/ -- "Sloppy" is not a word patients want to hear at the hospital. Especially to describe the handling of patients' private medical records, insurance information and Social Security Numbers. The latest 2011 Benchmark Study on Patient Privacy and Data Security by Ponemon Institute, sponsored by ID Experts®, is a disturbing reality check for patients.


The latest research reveals that the frequency of data breaches in healthcare has increased by 32 percent, largely because of employee negligence. This puts individuals at a greater risk for medical identity theft, financial harm, embarrassment and frustration.


Consider these true stories: a filing cabinet full of medical records was found for sale at a garage sale; a hospital worker left medical files in the car which were later stolen; or a keychain with a dangling USB flash drive containing patient information: lost.


"Data breach risks are high, identity theft and medical identity theft are on the rise and patients' privacy is affected," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.

10 Actions Patients Can Take if Their Medical Information Has Been Breached

"Save sloppy for the Sloppy Joes served in the hospital cafeterias, not for the handling of patients' private medical records," said Rick Kam, president and co-founder of ID Experts, the leader in comprehensive data breach solutions.


Rick Kam offers these 10 tips for patients when their medical records, Social Security Number, insurance information, or credit card information have been compromised:

  1. Get the type of identity monitoring that you need.
    Patients need to be savvy about how their medical data—referred to as protected health information (PHI)—is managed. If your information is compromised, don't accept only credit monitoring. Tell your healthcare provider you want medical identity monitoring services that will alert you to suspicious activity involving your medical claims.
  2. Review all EOBs (Explanations of Benefits) and/or MSNs (Medicare Summary Notices).
    Reading insurance claims can protect you. If your medical identity has been compromised—or even if it hasn't—scan all insurance or other medical information with a careful eye. Pay special attention to medical goods or services that you didn't receive.
  3. Update your accounts and passwords.
    Many people use the same password—or a variation of it—for everything, from unlocking their smartphone to accessing their bank accounts or logging into Facebook. Varying your passwords—using a combination of letters, numbers, and symbols—and changing them periodically can minimize potential damage.
  4. Be on high alert for phishing emails, texts or phone calls.
    Now that your data is loose, scammers or thieves could ask you for additional personal or financial information by e-mail, text message, telephone or online. Don't respond to these messages or links. Legitimate organizations and companies will never ask for this information via unsecured channels. OnguardOnline.gov is a good resource.
  5. Contact government agencies and place a "flag" on your files when you can.
    Putting a flag on your file will help keep an eye out for unusual account activity, suspicious documents, and alerts from law enforcement. Some entities have more formal processes for flagging you in their systems than others, but it never hurts to ask.
  6. Monitor all of your financial accounts.
    This includes banking, credit and mortgage accounts—including your hospital and doctor's billing records. Even if you do accept credit monitoring services, nobody knows your banking habits better than you.
  7. Place an initial fraud alert or a credit freeze with one of the three credit bureaus.
    You can place a fraud alert online with Equifax, Experian or TransUnion. It's free and valid for 90 days. The bureau you select will contact the other bureaus. A credit freeze lets you restrict who has access to your credit report, preventing a thief from opening a new account in your name. (This is a semi-permanent solution and isn't necessarily the right thing for everyone, or every situation.)
  8. Get and review copies of all three credit reports.
    The ONLY place you can get truly free credit reports without committing to a subscription is www.annualcreditreport.com. You can do it online or by calling 1-877-322-8228. This is a federally mandated site that allows you to get a free credit report from each of the three credit bureaus every 12 months. Do this annually, even if you are fortunate enough not to have your information compromised. Caution: Avoid online offers promising you a copy of your credit report for a nominal fee or other financial commitment.
  9. Accept credit monitoring services.
    If the company or organization that compromised your information offers these services, take them. Credit monitoring can help alert you early to suspicious activity involving some of your financial data or Social Security Number, but remember that credit monitoring will not alert you to medical identity theft.
  10. Trust that the company is doing its best.
    While data breaches can jeopardize your information, they are also a real headache for companies and organizations. Most companies want to do the right thing by you and it's in their best interest to preserve their reputation. On the other hand, be alert for the company or organization that won't answer your phone calls, or whose call center agents are not helpful. You can always take your complaint to the Federal Trade Commission, the Better Business Bureau, the Identity Theft Resource Center or your state's Attorney General. For a complete list, visit http://www.consumerfraudreporting.org/stateattorneygenerallist.php.

For a free copy of the 2011 Benchmark Study on Patient Privacy and Data Security, by Ponemon Institute, sponsored by ID Experts, visit http://www2.idexpertscorp.com/ponemon-study-2011/ or for a free copy of the 10 Actions Patients Can Take if Their Medical Information Has Been Breached, visit http://www2.idexpertscorp.com/assets/uploads/10_Actions_Patients_Can_Take.pdf.


About the Study

The 2011 Benchmark Study on Patient Privacy and Data Security utilized in-depth, field-based research involving interviews with senior-level personnel at healthcare providers to collect information on the actual data loss and data theft experiences at their organizations. This benchmark research, in contrast to a traditional survey-based approach, enables researchers to collect both the qualitative and quantitative data necessary to understand the current status of patient privacy and data security in the healthcare organizations that participated in the study.


Note to Media:

For a copy of the 2011 Benchmark Study on Patient Privacy and Data Security or the infographic, or to schedule an interview with Rick Kam or Larry Ponemon, please contact [email protected] or [email protected].