HIPAA causes inefficiency at healthcare institutions: Can it be overcome? By Robin Singh
» The cyber attack on Anthem is a wake-up call for healthcare providers to review the security of their patient data. » Some of the rules in place to safeguard electronic PHI create a vicious circle, which at times is dif cult to manage, and a line has to be drawn between health care in theory and health care in practice. » Entities try to leverage technology for performance efficiencies, better care, and cost efficiencies; however, if the technology becomes a pain rather than a boon, it can only lead to inefficiencies in the system. » HIPAA requirements may make it dif cult for providers to communicate and share patient information with each other in emergencies, thus impacting patient care. » Institutions should create a mechanism to use technology to their advantage by identifying alternative mechanisms to satisfy their end goal, which is to provide adequate care by #RobinSingh the #whitecollarinvestigator
» The cyber attack on Anthem is a wake-up call for healthcare providers to review the security of their patient data. » Some of the rules in place to safeguard electronic PHI create a vicious circle, which at times is dif cult to manage, and a line has to be drawn between health care in theory and health care in practice. » Entities try to leverage technology for performance efficiencies, better care, and cost efficiencies; however, if the technology becomes a pain rather than a boon, it can only lead to inefficiencies in the system. » HIPAA requirements may make it dif cult for providers to communicate and share patient information with each other in emergencies, thus impacting patient care. » Institutions should create a mechanism to use technology to their advantage by identifying alternative mechanisms to satisfy their end goal, which is to provide adequate care by #RobinSingh the #whitecollarinvestigator
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
y <strong>Robin</strong> <strong>Singh</strong>, MSc-Law, MSc-IT, LPEC, CFE<br />
<strong>HIPAA</strong> <strong>causes</strong> <strong>inefficiency</strong><br />
<strong>at</strong> <strong>healthcare</strong> <strong>inst<strong>it</strong>utions</strong>:<br />
<strong>Can</strong> <strong>it</strong> <strong>be</strong> <strong>overcome</strong>?<br />
»»<br />
The cy<strong>be</strong>r<strong>at</strong>tack on Anthem is a wake-up call for <strong>healthcare</strong> providers to review the secur<strong>it</strong>y of their p<strong>at</strong>ient d<strong>at</strong>a.<br />
»»<br />
Some of the rules in place to safeguard electronic PHI cre<strong>at</strong>e a vicious circle, which <strong>at</strong> times is difficult to manage,<br />
and a line has to <strong>be</strong> drawn <strong>be</strong>tween <strong>healthcare</strong> in theory and <strong>healthcare</strong> in practice.<br />
»»<br />
Ent<strong>it</strong>ies try to leverage technology for performance efficiencies, <strong>be</strong>tter care, and cost efficiencies; however, if<br />
the technology <strong>be</strong>comes a pain r<strong>at</strong>her than a boon, <strong>it</strong> can only lead to inefficiencies in the system.<br />
»»<br />
<strong>HIPAA</strong> requirements may make <strong>it</strong> difficult for providers to communic<strong>at</strong>e and share p<strong>at</strong>ient inform<strong>at</strong>ion w<strong>it</strong>h<br />
each other in emergencies, thus impacting p<strong>at</strong>ient care.<br />
»»<br />
Inst<strong>it</strong>utions should cre<strong>at</strong>e a mechanism to use technology to their advantage by identifying altern<strong>at</strong>ive<br />
mechanisms to s<strong>at</strong>isfy their end goal, which is to provide adequ<strong>at</strong>e care.<br />
Compliance Today March 2017<br />
<strong>Robin</strong> <strong>Singh</strong> (robinsingh002@yahoo.com) is a seasoned Compliance and<br />
Fraud Examiner and currently works w<strong>it</strong>h the Abu Dhabi (Un<strong>it</strong>ed Arab Emir<strong>at</strong>es)<br />
government in Health Services. Tw<strong>it</strong>ter: @drobinsingh<br />
LinkedIn: https://ae.linkedin.com/in/wh<strong>it</strong>ecollarinvestig<strong>at</strong>or<br />
The cy<strong>be</strong>r<strong>at</strong>tack on Anthem, the second<br />
largest insurer in the U.S., triggered a<br />
wave of panic among <strong>healthcare</strong> <strong>inst<strong>it</strong>utions</strong><br />
and <strong>be</strong>neficiaries as well about the<br />
safety and privacy of their personal records.<br />
Anthem Inc., announced in February 2015<br />
th<strong>at</strong> 80 million past and present customers<br />
had <strong>be</strong>en the target of a massive d<strong>at</strong>a breach<br />
th<strong>at</strong> compromised names, birthdays, medical<br />
IDs, Social Secur<strong>it</strong>y num<strong>be</strong>rs, street addresses,<br />
and employment inform<strong>at</strong>ion. 1 Th<strong>at</strong> means<br />
they are <strong>at</strong> risk of ident<strong>it</strong>y fraud. Anthem is a<br />
huge organiz<strong>at</strong>ion and, although <strong>it</strong> may not<br />
<strong>be</strong> directly concerned w<strong>it</strong>h providing <strong>healthcare</strong>,<br />
the truth is evident—health-rel<strong>at</strong>ed<br />
d<strong>at</strong>a is as deserving of secur<strong>it</strong>y protocols as<br />
other key d<strong>at</strong>a, such as bank details or Social<br />
Secur<strong>it</strong>y details.<br />
The fact is th<strong>at</strong> unauthorized<br />
access to <strong>healthcare</strong> inform<strong>at</strong>ion<br />
allows fraudsters to explo<strong>it</strong> various<br />
opportun<strong>it</strong>ies to make money or<br />
receive <strong>be</strong>nef<strong>it</strong>s. For example, they<br />
may claim insurance <strong>be</strong>nef<strong>it</strong>s, they<br />
may receive medical care, they may<br />
buy medical equipment or drugs—all <strong>Singh</strong><br />
under the name of the individual<br />
whose ident<strong>it</strong>y or d<strong>at</strong>a they have stolen. The<br />
possible repercussions of this type of fraud<br />
are enormous and have <strong>be</strong>en brought into the<br />
spotlight. The need for stringent and effective<br />
controls to prevent access to d<strong>at</strong>a by unauthorized<br />
people is therefore immense.<br />
P<strong>at</strong>ient d<strong>at</strong>a secur<strong>it</strong>y and <strong>HIPAA</strong><br />
One of the objectives of the Health Insurance<br />
Portabil<strong>it</strong>y and Accountabil<strong>it</strong>y Act of 1996<br />
(<strong>HIPAA</strong>) is to prevent cy<strong>be</strong>r<strong>at</strong>tacks on<br />
<strong>healthcare</strong> <strong>inst<strong>it</strong>utions</strong>. If hackers have an<br />
opportun<strong>it</strong>y to steal <strong>healthcare</strong> d<strong>at</strong>a, they<br />
could get their hands on something th<strong>at</strong> is<br />
52 www.hcca-info.org 888-580-8373