5 Things Healthcare Institutions Can Do to Prevent Medical Identity Theft

Medical identity theft is becoming a serious problem. In certain cases this kind of data can be more valuable for thieves than simply stealing someone’s banking details, and this means that the information is becoming very sought-after. If you don’t have the right safeguards in place now, you could be a sitting duck waiting for trouble. Here are five things to prioritise if you want to prevent theft of your patients’ medical identities.

1. Update your software

As the recent cyberattacks on the NHS show, we are only as strong as our weakest link when it comes to software. Hacking methods and bugs are being developed constantly, but the good news is that software providers are also working constantly to create solutions that keep hackers out. You can only get access to those solutions if you update your software, however. Make sure that all devices used by your staff are set to automatically update once a week at minimum, perhaps at a time which is traditionally slow and when the devices might not be in use. If you leave the updates to be done manually, you risk one mistake taking down your whole system and grabbing all of the data you have on offer.

2. Train and vet your staff

It’s very important that your staff know the right procedures to look after patient information. They should not share passwords, allow others to use their computers without constant supervision, or have access to files which are not required in the course of their work. You also have a responsibility to vet your staff during the hiring process to ensure that they are not likely to cause any leaks, whether deliberately or through a lack of ability when it comes to computing software.

3. Know the red flags

There are a number of red flags which may appear when someone is attempting to steal medical information, and you can also train your staff to spot these. They may include a patient visiting your institution and giving information which does not match what you have on file for them, tests not matching up to patient history, patients calling to get information over the phone without being able to prove their identity and so on. Instruct your staff to be on the lookout for these at all times.

4. Teach your patients

Patients can also be the source of medical identity leaks. If they are accessing their own files online through your portal and don’t have the right security measures in place, they could be in danger of theft. Create notices and send messages whenever possible reminding patients to stay safe while browsing online. Let them know not to access the data on public networks, and to secure their iPhones and other devices if they are connecting via mobile. They should also follow best practices such as not sharing or writing down any passwords. Make sure that patients are reminded of this every time they log in, just in case they are using a new device or network and may have forgotten to check it properly.

5. Check identities

Before giving out any information to patients, make sure that you know who they are. Introduce a new policy that anyone who is looking at files or being made privy to confidential information should prove their identity. This can be done with a driving license, passport, or other form of ID to make the process easy. If they do not have this kind of ID with them, you can ask them questions which only the patient could correctly answer. An example of this is how patients in the UK must be asked to confirm the first line of their address before they are allowed to take home a prescription. This could easily be incorporated to other areas of medical practice, such as when discussing patient history with them, without causing distress.

While medical identity theft might not be something you have experienced yet, it can happen to any hospital, medical centre, or doctor’s office. Make sure that you are prepared for it – the NHS does have a duty of care to protect patient data, and to help patients protect themselves.

About the Author:

David Beeshaw is a health blogger who dedicated his time and efforts to helping all those at risk of STIs and HIV fight back. As a staunch supporter of healthy life and safe sex, David is currently supporting Dominika Rejmer and raTrust, a non-profit organisation helping all those at risk of STIs and HIV.