How healthcare organizations can deter medical identity theft
Medical identity theft is a growing problem—about 15 million patient records were compromised in 2018, according to Experian Health, a company that helps providers and payers improve efforts to safeguard data. Criminals are getting through cracks in organizations’ cyber defenses to steal patient data and profit from vulnerable health systems. Here are six ways a healthcare organization can safeguard patient data from identity theft.
Tell patients how the organization is protecting their data
Patient trust is at the heart of a successful patient-provider relationship. Share the steps the organization is taking to secure patient information so patients feel reassured and confident in using their portal. Data security should be a key part of patient engagement messaging.
Verify patient identities to protect access to medical records
To avoid HIPAA violations, it is important for the organization to ensure it’s giving the right patient access to their own data. Secure log-in monitoring and device intelligence can help confirm that the person trying to log in is who they say they are. When something doesn’t add up, identity-proofing questions can be triggered to provide an extra check. Biometrics also might eventually be employed to provide an additional identity check.
Automate patient portal enrollment
The organization should ensure its portal technology is as secure as possible, but not at the expense of patients’ time and effort. An automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.
Arm the organization with a multi-layered security strategy
There is no silver bullet for protecting patient information—it will require a variety of tools. A robust data security strategy will be multi-layered, including device recognition, identity proofing and fraud management.
Educate staff on security threats and warning signs
Data breaches aren’t all malicious—human error is a major component, from mailing personal data to the wrong patients, to accidentally publishing data on public websites to losing a laptop on public transportation. Training staff on the potential pitfalls will help in protecting confidential patient information.
Develop a robust device strategy
“Bring Your Own Device” arrangements are convenient for staff and patients, but personal devices must be secured when accessing patient information across the network. Ensure the team, as well as patients and visitors, are aware of how to log on securely to WiFi and follow best practices to keep data safe.
Automation, digitization and consumer-centric approaches make good business sense across the board, but they’re also sensible investments to enhance a data security strategy. Investing in secure patient identities is a way to prevent unnecessary losses down the line—and it’s what patients have come to expect.