Protecting Patients’ Private Information

Humana urges providers to continue to be vigilant when it comes to safeguarding the protected information (PI) of patients. This includes not only private health information found in patient records, but also other personal information, such as Social Security numbers, bank account numbers, credit card numbers and driver’s license numbers.

Identity theft is the fastest growing
white-collar crime in the United States.

Identity theft is the fastest growing white-collar crime in the United States, according to the Privacy Rights Clearinghouse, a consumer information and advocacy organization. Social Security numbers, widely used in health care, are one of the most sought-after pieces of PI. Social Security numbers have cash value because they can be used to steal someone’s identity, access bank accounts and purchase goods.

The growth of identity theft in the United States has led to the introduction of strict state laws and regulations to protect the personal information of citizens in each state. California is one of the leaders in this type of legislation and has a dedicated agency, the California Office of Privacy Protection, in place to protect the privacy of its citizens’ personal information.

The Health Insurance Portability and Accountability Act (HIPAA) mandates that providers, health plans and clearinghouses take action to safeguard individually identifiable protected health information. HIPAA includes both privacy and security rules that require the implementation of administrative, physical and technical safeguards. For more information on HIPAA, visit www.hhs.gov/ocr/hipaa/.

There is risk associated with storing and maintaining both paper and electronic records in physicians’ offices. Hundreds of thousands of consumers have their PI exposed every year when electronic records are hacked into, laptops/computers are stolen, backup tapes are lost or stolen and information is passed by dishonest insiders.

Humana offers the following tips for protecting PI on laptops and removable media devices (USB drives, flash drives, CD/DVD burners and other media):

• Try to limit the use of removable media for storage of PI.
• Store media in a secure area/locked container with an audit trail of who took possession of/accessed the media.
• Provide locked containers for disposal of media containing PI.
• Label, classify and track media until destruction or deletion.
• Laptops and Personal Digital Assistants (PDAs) containing PI should not be left unattended at any time. Lock laptops, PDAs and other media in drawers or desk at the end of the day.
• If using a laptop computer, install encryption software.
• Do not share computer passwords.

Some tips for offices using paper records:

• Use a shredder on any documents that contain both private health and personal information about patients. When in doubt, shred.
• Keep your workspace clear of paperwork that contains PI.
• Lock desks and cabinets.
• Set a protocol to provide for confidential sending and receiving of faxes that contain PI and other confidential information.
• Pick up papers containing PI at fax machines and copiers promptly.
• Secure your keys.

Humana encourages providers to review the privacy and security policies in their practice annually. Here are some tips on how to take action in your practice:

• Appoint one person in your practice to write specific procedures about safeguarding PI and complying with HIPAA regulations. Spell out exactly who has access to what information.
• Set a policy for when and under what conditions PI may be removed from
  the office. Ensure that employees understand their responsibility to safeguard PI.
• Do background checks on employees to protect against hiring individuals who have questionable backgrounds.
• Educate staff on how to handle possible identity theft issues with patients. Encourage them to share with patients the reasons for asking for certain types of personal information.

Back to top