Your health data is compromised, now what?

Medical identity theft has been happening at an alarming pace these days. Every day there are news reports about health data breaches in hospitals, private practices and other medical organizations.

So what can a consumer do when their health data is compromised?

And what can one do to protect the data from being compromised in the first place?

Here are some examples of how data breaches occur:

  1. A laptop or a mobile device holding patient records is stolen or lost
  2. A hacker gains access to the health organization’s computer system
  3. Paper health records are stolen from the premises

What kind of information can be stolen or hacked?

  1. Health insurance numbers
  2. Social security numbers
  3. Medical information
  4. Credit card information

Signs that your health information has been breached:

  1. You receive a data breach notice from a healthcare organization
  2. Unknown items appear in the Explanation of Benefits (EOB) from your health insurer
  3. You receive a notice from your health insurer or health plan stating you have reached your benefit limit
  4. You receive a call from a debt collector
  5. You are asked unusual questions during check-in at your health provider

So, what can you do to protect your privacy?

Depending on the type of information compromised, there are several steps you as a consumer can take to protect yourself:

1) If a social security number is stolen:

  1. Call the 3 credit bureaus (TransUnion, Equifax, Experian) and alert them of the breach
  2. Have the credit bureaus put a fraud alert on your file
  3. Get a copy of your credit reports and review them carefully
  4. Report any unusual or incorrect information immediately and have it removed

2) If a Health Insurance or Health Plan number is stolen:

  1. Call your health insurer and have them make a note of the breach
  2. Review the “Explanation of Benefits” statement from your health insurer very carefully
  3. Check for a service you did not receive, an office visit you did not make, or medical equipment you did not request on the statement
  4. Have them investigate anything you find suspicious
  5. Contact the doctor, pharmacy, laboratory, health plan, or other provider who submitted the information to the insurer. Ask to see your medical records about the item you are seeing in the Explanation of Benefits.
  6. Review all the information you receive from your insurer and your related medical records. If you still believe the item is incorrect, contact the health care provider’s medical records department or privacy officer. Request to have your medical records corrected.

3) If a call from a Debt Collector for unpaid medical bills is received:

  1. Do not pay the bill and ask for a copy of the bill and related documents
  2. Call your health insurer or health plan. Tell them about the bill, explain that you did not receive the services and ask them to investigate it.
  3. Contact the health care provider who provided the services. Tell them you received a bill or call about a service you did not get. Ask them to check their billing records. If they confirm the bill, ask them for a copy of your medical records related to the service.
  4. Request to have your medical records corrected in writing. You may need to get a police report of identity theft to go with your request.

Consumers have the right to inspect their medical records and to receive copies of them, with some exceptions, as per the Health Privacy Law enforced by the Office of Civil Rights.

Federal Law requires providers to put up a Notice of Privacy Practice at their offices or on their website. This notice will have instructions on how to order copies of your medical records, how to request an amendment or correction, how to file a privacy complaint, and other helpful information.
