I’m Not a Doctor, but I Care about HIPAA

August 5

I changed doctors recently and had to fill out a stack of forms before my first appointment. What a tedious, time-consuming chore!

Now, after talking to Jimmy Georgiou, a StorageCraft partner in Charlotte, NC, I’m actually grateful for some of those forms. Jimmy provides technology solutions to dental practices in four states. Serving hundreds of dentists has, by necessity, turned him into a HIPAA expert.

Since the Health Insurance Portability and Accountability Act (HIPAA) passed in 1996, healthcare providers have been required to protect the confidentiality and integrity of patient records. In 2013, a new rule extended that requirement to the business associates of healthcare providers – MSPs like Jimmy, for example – who must now comply with HIPAA as well.

“HIPAA is about preventing identity theft,” he says. “As a patient, when you walk into a dentist’s office, you’re essentially giving them your fingerprints. You should want that information to be secure.”

Jimmy once walked out of a doctor’s office because they didn’t have the proper HIPAA forms for him to sign. “I didn’t trust them with my personal information, so I left.”

That made me see those tedious forms in a new light. Their absence indicates a healthcare provider may not be protecting my medical records properly. While I don’t care if someone finds out that I have allergies, I do care if someone steals my identity.

Medical records, or ePHI (electronic protected health information) as the law calls them, are the mother lode of identity information. Besides the patient’s full name and address, one ePHI record can contain:

  • the patient’s date of birth
  • the names of his or her parents and other family members
  • email address and phone numbers for work and home
  • fingerprints, x-rays, and photos
  • medical history
  • prescriptions, including preferred pharmacy
  • payment information, including driver’s license, credit card and bank account numbers.

Imagine what an identity thief could do with all of that information. A fraudster could file false insurance claims, obtain prescription drugs, even receive medical treatment – all at my expense. And that’s only medical fraud. A swindler with my ePHI could empty my bank account, open new accounts and ruin me financially. No wonder medical records bring top dollar on the black market!

According to Jimmy, a Social Security Number brings about $3, credit card information brings in $1.50, and ePHI brings in $50 to $1,000 on the black market.

Why are SSN and credit card numbers valued so much less? “Because you can cancel and replace them. Not so with your ePHI,” he says. “You can’t cancel your medical history.”

Thanks to HIPAA, protecting my ePHI is part of my doctor’s or dentist’s job. If they don’t have the forms to prove it, I’ll find a healthcare provider who does.

You can read more about Jimmy Georgiou and how he uses StorageCraft to meet HIPAA requirements in an upcoming case study.

Photo credit: Bin Im Garten via Wikimedia.