Could BYOD increase the risks of a healthcare data breach and medical identity theft? The third annual study on Patient Privacy and Data Security reveals the explosion of mobile devices used in healthcare organizations. Most organizations in our study say they permit their employees to bring personally owned devices such as smart phones and tablets and connect to their networks or enterprise systems. While productivity may increase, so does the risk that patient data may end up in the wrong hands. In fact when asked, these organizations admit they are not confident they can make sure these devices are secure. What should hospitals do today? Conduct a privacy risk assessment to identify organizational gaps and create a comprehensive mobile device policy (including detailed guidelines) for all employees and contractors. The policy should address the risks and the security procedures that should be followed. They should also reinforce their mobile device policy with employee education on the importance of safeguarding their mobile devices and how to avoid risky behaviors. For a copy of the study, please click here: http://www2.idexpertscorp.com/ponemon2012/
(click to download study) Healthcare organizations seem to face an uphill battle in their efforts to stop and reduce the loss or theft of protected health information (PHI) or patient information. As is revealed in the Third Annual Benchmark Study on Patient Privacy and Data Security sponsored by ID Experts, many healthcare organizations struggle with a lack of technologies, resources and trained personnel to deal with privacy and data security risks.
(Click to download study) We are pleased to present the findings of the Third Annual Survey on Medical Identity Theft conducted by Ponemon Institute and sponsored by Experian’s ProtectMyID® . This annual study on medical identity theft is designed to determine how pervasive this crime is in the United States and how it has affected consumers.
We are pleased to announce the release of our 2013 Survey on Medical Identity Theft. This is the fourth year of the study and as in previous years we find that medical identity theft continues to be a costly and potentially life-threatening crime. However, unlike other forms of identity theft, the thief is most likely to be someone the victim knows very well. In this study of more than 700 victims of this fraud, most cases of identity theft result not from a data breach but from the sharing of personal identification credentials with family and friends. Or, family members take the victim’s credentials without permission.
We believe that individuals, healthcare organizations and government working together can reduce the risk of medical identity theft. First, individuals need to be aware of the negative consequences of sharing their credentials despite possible good intentions. They should also take the time to read their medical records and explanation of benefits statements to ensure that their information is correct. Second, healthcare organizations and government should improve their authentication procedures to prevent imposters from obtaining medical services and products.
Sponsored by the Medical Identity Fraud Alliance (MIFA), with support from ID Experts, the report can be found at http://medidfraud.org/2013-survey-on-medical-identity-theft.