How patients can safeguard their PHI

This morning I received my monthly newsletter from United Healthcare, our insurer. The lead article in that newsletter included 8 crucial steps I can take to prevent ID theft. Obviously, insurers have a lot to lose from fraudulent claims. So do each of us.

The frequent announcements about healthcare data breaches and hacks into healthcare systems and software vendors has lead some organizations to begin to focus on how we as patients and consumers can protect our private information. In their August 24, 2015 newsletter, FierceHealthIT recommends 3 ways patients can safeguard PHI.

They are simple steps:

  1. Only share your private information when it is absolutely needed. Every physician I have ever been to has requested my social security number (SSN). There is no reason for them to have it. My SSN is not needed for identification or billing purposes and I stopped giving it years ago. You can do the same. For those of you who are on Medicare, it is not so simple; that number is on your card and requires additional safekeeping on your part. A law passed by Congress this year requires the Centers for Medicare and Medicaid Services (CMS) to develop Medicare cards which do not include the holder’s social security number. There is funding which will allow this to happen for new subscribers within four years and for all other subscribers within four additional years.
  2. Get credit monitoring. If any of your personal information is included in a data breach of any sort— Target, VA, anything–and you are offered credit monitoring, TAKE IT! And then use it. If they suggest that you initiate a credit freeze for one or all of the credit services, do it. If you are concerned about your personal data, you might even consider subscribing to one of the services on your own. Whether you do that or not, be sure to get your free annual credit reports from each of the big three reporters.
  3. Watch your health records. Ask for copies of your records and monitor them. Make sure the information is correct. Use your health insurer’s website to monitor claim activity to be sure no one bills for services that were not rendered to you.

The upshot of these articles is that patients and consumers of all services must become more aware of our own data and how it is being used and protected (or not being protected), by those with whom we do business or from whom we receive services. Healthcare providers can participate in this education process for their patients by providing information for them about what they can do. It goes without saying that you also provide your organization’s Privacy Policy, as required by HIPAA.

We are all subject to pretty onerous outcomes if our personal information is stolen. Proactive steps to encourage your patients to protect theirs can go a long way to securing your relationship with them.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.