
Medical Identity Theft Threatens Patient Data and Customer Loyalty

While the healthcare industry is slowly moving forward in technological advances due to federal and state legislation, security and privacy concerns are still backed by the numbers. In 2014, medical identity theft grew nearly 22 percent, resulting in an average cost of $13,450 per victim, according to the Ponemon Institute report, 2014 Fifth Annual Study on Medical Identity Theft.

That is, most (65 percent) individual victims of identity theft were forced to pay out of their own pockets to resolve medical fraud. Those costs include payments to healthcare providers, insurers, identity service providers and legal counsel. While the financial industry often absorbs related costs of a data breach, the healthcare industry isn’t there yet.

Medical identity theft can mean big fail for consumers, but it can also suck for hospitals and physicians, as 48 percent of respondents said they would strongly consider changing healthcare providers if their medical records were lost or stolen.

Seventy-nine percent of patients think it’s important for healthcare providers to ensure the privacy of their health records, while another 40 percent think that prompt breach notification by the healthcare provider is also important.

Security Provides a Competitive Advantage

That means security and privacy can become a primary business differentiator in the healthcare industry - similar to how it already is in the legal industry. According to a New York Times Dealbook article, Law Firms Are Pressed on Security for Data, big corporate clients, including Wall Street banks, are now demanding that their law firms demonstrate that they are employing “top-tier technologies to detect and deter attacks from hackers bent on getting their hands on corporate secrets either for their own use or sale to others.”

Other financial institutions are asking law firms to fill out lengthy 60-page questionnaires that detail their cybersecurity measures, as well as conducting on-site inspections. That means that in order to stay competitive, law firms will have to dish out for security or lose major business.

Healthcare Data Security Laws in Effect

Healthcare legislation has already required the use of electronic health record systems (EHRs), and, in some states, the use of e-prescription software. Benefits of using both include increasing accuracy and efficiency, as well as reducing costs considerably compared to paper or faxes.

The State of New York has mandated the use of e-prescription across all healthcare providers, requiring compliance by March 27, 2015 (end of this month!). But that also means that healthcare providers must meet the e-prescription compliance requirements enforced by the Drug Enforcement Agency (DEA), also known as Electronic Prescription for Controlled Substances (EPCS) compliance. See the full text of the DEA’s final rule on EPCS (PDF).

One of those requirements includes the use of two-factor authentication to verify the identity of prescribing physicians who must digitally sign the prescriptions in order to validate them (referred to as identity-proofing by the DEA). Two-factor authentication is also highly recommended by the Dept. of Health & Human Services as a way to protect remote access to systems containing electronic protected health information (ePHI).

Securing Patient Data: Breach Prevention Doesn't Have to Be Brain Surgery

For more about patient data security, download our newest industry guide, Duo Security's Guide to Securing Patient Data: Breach Prevention Doesn’t Have to Be Brain Surgery.

To help you navigate patient data security, our guide will:

  • Summarize relevant health IT security legislation, including federal and state
  • Provide information security guidelines on remote access risks and solutions
  • Provide extensive security resources and a real hospital case study
  • Explain how to protect against modern attacks and meet regulatory compliance with two-factor authentication

Ideal for CISOs, security, compliance and risk management officers, IT administrators and other professionals concerned with information security, this guide is for IT decision-makers that need to implement strong authentication security, as well as those evaluating two-factor authentication solutions for organizations in the healthcare industry.

Download our free guide today for a comprehensive overview on how to safeguard patient data.