The document discusses the importance of protecting healthcare facilities from medical identity theft, highlighted by a case involving a nurse who stole patient identities. It emphasizes the need for strict hiring practices, adherence to HIPAA regulations, and implementation of robust security control systems to safeguard patient information. Additionally, it advises on hiring an identity theft protection company and maintaining accountability and training among staff to prevent such crimes.

1. How
to
Protect
Your
Healthcare
Facility
From
Medical
Identity
Theft
Albany
Medical
Center
was
working
hard
to
take
care
of
its
patients
and
bring
a
higher
level
of
healthcare
to
the
community.
According
to
most
patients,
the
facility
was
doing
a
good
job
of
it.
Unfortunately,
the
medical
center’s
reputation
was
recently
damaged
when
one
of
its
own
nurses
was
caught
stealing
patient
identities.
With
the
help
of
her
boyfriend,
a
nurse
stole
over
50
patient
identities
and
applied
for
hundreds
of
credit
cards
in
their
names.
The
two
identity
thieves
were
eventually
caught
red-­‐handed
with
a
collection
of
patients’
names,
home
addresses,
Social
Security
numbers,
credit
cards,
and
gift
cards.
Sadly,
this
is
just
one
of
numerous
cases
in
which
nurses
swiped
patient
identities
for
personal
financial
gain.
As
a
medical
facility
or
administrator,
it’s
your
duty
to
protect
your
patients
from
identity
theft.
After
all,
more
importantly
than
harming
your
reputation
as
a
trusted
healthcare
provider,
medical
identity
theft
puts
your
patients’
lives
at
risk.
Here’s
how
to
safeguard
your
facility.
Be
Strict
About
Hiring
Implement
well-­‐defined
hiring
practices
to
weed
out
potential
threats.
For
example,
run
extensive
background
checks
on
each
applicant
to
make
sure
there
is
no
history
of
criminal
activity
or
association
with
criminals.
Also,
only
hire
personnel
that
can
show
their
qualifications
and
have
a
long
list
of
references—references
you
actually
check
up
on
as
well.
Reference
checks
are
important
for
every
position,
but
especially
for
the
nurses
who
will
have
regular
interaction
with
patients
and
their
private
information.

2. Stick
to
Regulations
Your
patients
are
at
risk
every
time
employees
don’t
explicitly
follow
established
protocols
and
federal
privacy
regulations.
This,
of
course,
includes
adhering
to
the
rules
governing
protected
health
information
under
HIPAA.
Patient
records
are
a
goldmine
for
identity
thieves.
They
contain
all
of
the
information
they
need
to
easily
commit
medical
identity
theft—names,
addresses,
birthdates,
and
Social
Security
numbers.
Patient
files
may
even
include
credit
card
information
for
billing
purposes.
Make
sure
you
follow
all
of
HIPAA’s
strict
guidelines
for
how
patient
information
should
be
handled
to
reduce
the
likelihood
of
that
data
falling
into
the
wrong
hands.
Implement
Control
Systems
Set
up
control
systems
to
eliminate
opportunities
for
medical
identity
theft
to
occur
at
your
facility.
This
includes
considering
both
human
and
electronic
security
measures.
Create
an
extensive
set
of
policies
and
procedures
that
safeguard
patients’
personal
information:
• Hire
an
identity
theft
protection
company
that
specializes
in
not
only
preventing
medical
identity
theft
from
happening
in
the
first
place,
but
also
recovering
patient
identities
after
they’re
stolen.
• Develop
a
secure
IT
network
that
only
allows
authorized
users
to
access
patient
records.
Require
complex
passwords
to
login
to
the
network,
and
only
share
them
with
those
employees
who
need
access.
• Configure
computer
systems
containing
patient
records
to
automatically
logout
a
user
when
a
workstation
is
unattended.
• Add
security
screens
to
computers
in
public
areas.
• Hold
all
members
of
your
staff
accountable
for
complying
with
HIPAA
laws.
• Require
staff
to
participate
in
annual
competency
training
to
keep
their
patient
privacy
skills
up-­‐to-­‐date.
• Never
leave
patient
records
unattended
in
unsecured
areas.
• Regularly
shred
and
securely
dispose
of
printed
patient
records.
• Audit
your
system
regularly
to
see
which
records
have
been
accessed
and
by
whom.
If
you
notice
patient
records
have
been
accessed
after
hours
or
have
been
accessed
repeatedly,
call
those
employees
in
to
question.
• If
resources
allow
for
it,
hire
a
full-­‐time
privacy
and
security
officer
responsible
for
monitoring,
tracking,
and
protecting
patient
privacy.

3. Prevent
Medical
Identity
Theft
If
your
system
is
breached
and
patient
identities
are
stolen,
hire
a
professional
identity
theft
investigator
to
run
the
investigation.
They
stay
current
on
all
of
the
latest
medical
identity
theft
methods,
and
use
techniques
to
quickly
find
the
identity
thieves.
The
last
thing
you
want
to
do
is
let
the
identity
theft
drag
on,
putting
more
patients
in
harm’s
way.
Ultimately,
as
a
reputable
medical
facility,
you
have
a
responsibility
to
keep
your
patients’
identities
under
lock
and
key.
Failure
to
do
so
not
only
threatens
patients’
health
and
finances.
Identity
theft
also
has
far-­‐reaching
legal
and
financial
implications
that
can
put
you
out
of
business.
Don’t
let
identity
thieves—whether
employees
or
people
outside
the
organization—wreak
havoc
in
your
medical
facility.
Visit
www.TheIdentityAdvocate.com
for
more
tips
and
to
learn
how
to
set
up
a
medical
identity
theft
protection
plan
for
your
business.