• E-mail
• Print
• RSS

Tip: Mitigate the risk of identity theft

HIPAA Weekly Advisor, December 22, 2008

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Healthcare organizations should be aware of the FTC’s Identity Theft Red Flags rules under the Fair and Accurate Credit Transactions Act of 2003, says William Miaoulis, CISA, CISM, manager, Phoenix Health Systems, in Montgomery, AL.

The regulation requires many healthcare organizations to implement programs to prevent and detect identity theft by May 1, 2009, he says. According to Miaoulis, to mitigate the risk of identity theft, organizations should take the following steps:

1. Research the FACTA Identity Theft Red Flags rules. 
2. Implement the HIPAA standards of minimum necessary to include demographic information. “Specifically, organizations should inventory which systems maintain the Social Security numbers and patients’ birthdates,” Miaoulis says. 
3. Determine who has access to information and determine if access is appropriate. For those roles that require the use of patients’ Social Security numbers, determine whether limiting access to the last four or five digits of the number would be sufficient. Organizations could also consider limiting the use of patients’ birthdates, Miaoulis adds. It may not compromise patient care to see someone was born in May 1970 vs. May 15, 1970, he says.

Editor's note: This tip was adapted from the December issue of Briefings on HIPAA, the HCPro, Inc. newsletter.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments