Content Dam Diq Online Articles 2016 05 Identity Theft 1

Prevent medical identity theft, empower dental health-care workers

April 6, 2018
Medical identity theft is real, and dental practices can be hit hard if proper precautions are not taken. Here's what you need to know.

This article originally appeared in the Principles of Practice Management e-newsletter. Subscribe to this informative twice monthly practice management ENL here.

The finance industry is an overrated poster child when it comes to industries at risk of experiencing privacy breaches. According to the World Policy Forum, an active credit card sells on the black market for $3. Compare this to a medical record that can sell for $50 at its peak. The black market value of stolen medical patient records has fluctuated based on the growth of the ransomware market.
BUT MEDICAL IDENTITY THEFT—the theft of patient name, address, Social Security and health ID numbers—remains a lucrative vertical for cybercriminals to get prescription drugs, insurance claims, and even government benefits. Health organizations and dental practices are taking steps to improve data protection strategies and understand the root causes that allow incidents to happen.

The digital transformation journey that dental practices are embarking on has increased the likelihood of a privacy breach. As dental practices transition from physical to digital recordkeeping, personal information may be compromised during the transition due to lack of established protocols regarding how to manage and dispose of paper records. There are also a number of access points to medical patient data that opens up the chance for personal information to be compromised once the migration takes place. Twenty-five percent of data breaches are caused by human error, and the lack of management when it comes to adopting privacy practices in the workplace does not help.

There are regulatory compliance expectations in almost every jurisdiction and it is crucial to ensure that clear policies, procedures, and training are in place. In the US, HIPAA ensures health information is appropriately safeguarded, and in Canada, PIPA regulates privacy practices in British Columbia and Alberta. Dental practices should strive to update their privacy program in order to appropriately protect patient data or they could expose themselves to financial and reputational consequences.

The risks around privacy breaches and the expectations set forth by regulators mean that each dental practice should strive to have a privacy program commensurate to the size of their operation that will ensure the appropriate management of personal information.

The three-legged stool: the pillars of success for a privacy program

I like to use the analogy of the three-legged stool when dental consultants ask what’s required for dental practices to change their privacy culture and comply with regulators. There is a misconception that all a dental practice needs is the software technology or the services of a lawyer to mitigate the occurrence or the severity of privacy breaches. This is simply not the case. There are three key pillars that make up a successful privacy program, and all three must work together to ensure privacy risks are managed appropriately.

1. Technology

Ensuring that the appropriate security safeguards, such as antivirus, firewalls, and encryption, are in place in order to protect from external threats such as hackers, is a critical step to minimizing data compromising or loss.

2. Legal

Understanding the applicable privacy regulations that the practice needs to comply with ensures that the appropriate policies and legal framework are in place to mitigate the risk of lawsuits and penalties.

3. Operational enablement

Translating the regulatory and technical requirements into day-to-day business processes help ensure that employees understand the importance of data protection. It also teaches them how to avoid phishing scams, and how to take responsibility of the patient data they deal with. This is the glue that binds everything together to adopt good privacy practices and avoid a data breach that could bring down an entire practice.

Good privacy practices in any organization are important, but in health care and in particular in the dental industry, these practices must become the default approach to managing patient personal information.

For the most current practice management headlines, click here.
For the most current dental headlines, click here.
Ale Brown, MBA, CIPT,founded Kirke Management Consulting in2014with the goal of helping organizations excel in their business objectives by finding opportunities for growth while managing risks that could prevent their success. Ale started her career in IT with large corporations such as Procter & Gamble and Johnson & Johnson. She ventured into the entrepreneurial world working for boutique consulting firms. Her specialties at the time were the implementation and management of ERP systems and customer relationship management (CRM) strategies. During her last corporate job with J&J, she partnered with various commercial groups in the organization to provide IT solutions in the area of sales force effectiveness and digital marketing. This is when Ale was exposed to the world of privacy management.