If you use medical record review services, make sure that they have reliable security measures in place to protect the medical information and are HIPAA-compliant.

1. Why It Is Important to Utilize HIPP-
compliant Medical Record Review Services

2. www.mosmedicalrecordreview.com 1-800-670-2809
As a personal injury attorney handling hundreds of medical records for medical
record review, you need to be extra cautious regarding the confidentiality of these
documents. More importantly, if you happen to use medical record review services, it is
your onus to make sure that they have reliable security measures in place to protect the
medical information you entrust them with, and are HIPAA-compliant. When you deal
with confidential health information, you may need to become an actual “business
associate” under HIPAA and HITECH Acts and this carries specific obligations and
compliance measures. Failing to meet the required standards may lead to serious
penalties.
Confidentiality and privacy concerns become more significant in the context of
medical identity theft that is alarmingly on the rise. An identity thief can receive medical
care and services that include medical instrumentations and prescription drugs
fraudulently using another person’s name and insurance information. Of course,
experienced attorneys help their clients hold identity thieves and other parties
accountable for their actions. However, medical identity theft creates a dangerous
situation because the notes made on the victim’s medical records will be that of the thief,
and it may lead to inappropriate and even fatal medical decisions in the future.
Let us consider why medical identity theft is increasing and what makes the medical
industry vulnerable to cybercrime.
Medical records that are shared among doctors, hospitals and other care providers are
covered by the HIPAA Act, but what about the information shared among app developers,
financial institutions and others? This is not covered by any regulation.
 Consumer Reports’ research conducted in 2015 revealed that 91% of Americans
surveyed were of the opinion that their consent should be required whenever
health information is shared.
 This shows that people are really worried about how their health information is
shared among various agencies because any careless action could lead to medical
identity theft and fraud.
 Healthcare information of patients stored on laptops, smartphones and flash drives
is very vulnerable because it can be compromised if these devices are lost or stolen.
 Studies show that medical fraud costs victims an average of $13, 500 and hundreds
of hours to set right. Worse still, how to retrieve the sensitive medical information
that is out there in the public sphere?
Why Cybercrime Is Increasing

3. Cybercriminals are even threatening hospitals and other healthcare facilities. Take
the recent ransomware attack against the Hollywood Presbyterian Medical Center in Los
Angeles, CA. Their computer systems were locked up by ransomware in early February. As
a result, it became impossible to carry out procedures such as CT scans and patients had
to be taken to nearby medical facilities for treatment in some cases. Access was denied to
patient data, important documents and email. The hospital paid $17,000 in bitcoins to
regain access to its data, and this was done in the best interest of restoring normal
operations, according to the president of this medical center. Healthcare insurance
providers such as Anthem and Premera Blue Cross have also been targeted by hackers,
resulting in massive breaches of PHI (Protected Health Information).
www.mosmedicalrecordreview.com 1-800-670-2809
Why do cybercriminals steal the identity of another?
 Studies by leading researchers show that these criminals steal important details
such as PHI, social security numbers, credit card information and PINs, and banking
credentials which can be sold for $1500 or even more on the black market.
 This information is used not only to obtain medical services and commit insurance
fraud, but also to create professionally forged and customized social security cards,
drivers’ licenses, passports, insurance membership cards and credit cards.
 PHI can be sold to pharmacy companies and hospitals that may want to target
patients with specific health conditions.
 Researchers say that PHI could be used even to forge passports and visas. This could
have serious consequences.
 It is found that in more than half of the identity thefts, family members are
involved. An uninsured person may use a relative’s or friend’s insurance
identification card to obtain treatment.
Medical information is very attractive to cyber thieves because it has an enduring value.
Unfortunately, for the victim this information is non-recoverable and poses a serious
threat in the hands of criminals and fraud. Their healthcare details become mixed up with
the perpetrator’s, which can have devastating consequences.
Why Steal Another’s Identity?

4. www.mosmedicalrecordreview.com 1-800-670-2809
Ensure PHI in Your Hands Is Protected
As mentioned at the outset, law firms and attorneys handling work that involves PHI
(medical records, lab results, insurance information etc.) for covered entities under HIPAA
come under the “business associate” classification. Therefore they also become regulated
by HIPAA and will be held liable for any violation under the Act.
 To ensure compliance, sign business associate agreements (BAA) with agencies you
partner with and who may have access to sensitive health information.
 Perform a risk assessment and have in place physical, technical and administrative
safeguards to protect against any possible data breach.
 Law firms handling such work must make sure that their outsourcing vendors such
as a medical record review company and sub-contractors also comply with the
Privacy Rule.