In a recent conversation at a MGMA conference an administrator said he hadn’t decided about HIPAA yet. “He might just risk it. ” While I wasn’t seriously shocked by the comment, I felt serious concern for their patients.
Sure, everyone has to decide what they are going to do concerning their obligation to comply. There are a lot of factors involved in the decisions and one of those should be how well are you protecting your patient information if you decide to “risk it”. I don’t know exactly what he thinks he is risking but I doubt he thinks he could be risking a patient’s financial stability or even their life.
Identity theft is a huge criminal industry and makes victims lives a complete mess for years while they try to clean up the damage done. There are countless horror stories of financial complications and even ruin after an identity was stolen. There are many services they can use that protect them from such theft, but can it protect them from medical identity theft? It is even worse.
Theft of medical identities is on the rise in the US. Cases involve years of medical treatment provided to someone else in your name. A person using your identity for medical fraud might only be discovered when you receive a bill from a collection agency for hundreds of thousands of dollars from a hospital you have never even visited. The frustration of resolving that situation over years of wrangling will be intense.
Worse, though, would be if the fraud is discovered when you are admitted to the hospital. Imagine going in the ER and your records are reviewed for treatment. The records aren’t yours but instead they are your fraudsters health records. You are seriously allergic to a drug that has been used on them multiple times with no problem. It is administered to you and suddenly you are fighting for your life.
While working on your HIPAA obligations keep in mind the ultimate goal of these rules are to prevent these kinds of things from happening. Risking it means more than just hoping you don’t get audited. Make sure you remember what these regulations are ultimately in place to protect.
Filed under: HIPAA Tagged: Audit, Business Associate, Business Associates, Compliance, Enforcement, HIPAA, information hipaa, private patient, Security Rule, Small Provider