At over $60 billion per year, Medicare fraud has become one of the most profitable crimes in America, say analysts. In South Florida, health information fraud has replaced cocaine as the major criminal enterprise. As health care providers have fully turned digital with Electronic Health Records that contain protected health information, health information data breaches are also increasing in number, frequency and magnitude across the globe. 

It might be baffling to some: what would one gain from stealing protected health information? Fraud resulting from medical identity theft primarily takes two forms:

  1. physician identification numbers that are stolen and used to bill for services, and
  2. patient identification information stolen (or lent to friends and relatives) and used to obtain services or to bill for services

Illegally accessing health information details of prominent celebrities also often proves highly profitable for cyber-criminals.

Unfortunately, growing incidents of fraudulent access and use of protected health information (PHI) suggest that not all organizations entrusted with PHI protection are upholding their responsibility. PHI breaches cause significant harm, both to the individuals whose information was breached and to the organizations responsible for protecting it. For organizations, the consequences of a PHI breach are more serious still: loss of trust, financial loss, operational issues, legal hurdles and, in extreme cases, even loss of business.

PHI – Stakeholders and their Responsibilities

Protected health care information is being handled by a large number of stakeholders – physicians, therapists, clinics, hospitals, laboratories, pharmacists, insurers, insurance companies, law firms, telemedicine firms and other agencies.

These stakeholders are responsible for the confidentiality, integrity, and availability of all PHI they create, receive, maintain, transmit, or store. This responsibility includes implementing appropriate safeguards against any reasonably anticipated threats or hazards to the security or integrity of that information.

They must ensure:

  • Confidentiality: data or information is not made available or disclosed to unauthorized persons or processes
  • Integrity: data or information has not been altered or destroyed in an unauthorized manner
  • Availability: data or information is accessible and useable upon demand by an authorized person

From the foregoing, it is evident that protected health care information is facing a serious cyber-threat. In the next post, let us analyze the causes of cyber-threats to PHI and the ways to combat…

Disclosure: ManageEngine has co-sponsored the “Protected Health Information (PHI) Project,” an initiative launched by the American National Standards Institute (ANSI) to evaluate the financial impact of unauthorized access to Protected Health Information (PHI). This blog series draws information from the report “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security”.

Bala
ManageEngine IT Security & Compliance Solutions

  1. Bala

    True, the figures were baffling to me too! But, this story in CBSNews unearths the magnitude of the fraud and explains how people mint dollars. The $60 billion is actually not the market for selling PHI data obtained through unauthorized means, but the fraudulent money being realized through several means, including claims made using the stolen health care identities and PHI data.

    http://www.cbsnews.com/2100-18560_162-5414390.html?tag=contentMain;contentBody

    Thanks,
    Bala

  2. 60 billion dollars/!??!? Wow. I can understand a few million but 60 billion?? I can’t even imagine where people would find a market for that