It’s been a particularly rough couple of years for data security in the health care industry. With hospitals, insurers and other providers trying to adapt to new technology, but not understanding the security risks or required measures, these systems have become a frequent target for hackers. To make matters worse, medical information is highly valuable, even more than financial information.
The new White House data security framework
To guide health care providers in navigating these risks and adhering to principles set by the Precision Medicine Initiative, the White House has finally revealed the final version of its data security framework.
In this version, which spans 10 pages, there are eight guidelines covering a participant-first system that helps identify certain risk, provide explanations and share experiences, according to a report by Healthcare IT News.
Outlined by Sylvia Burwell, Health and Human Services Secretary, and Lisa O. Monaco, assistant to the president for Homeland Security and Counterterrorism, the framework expands on the National Institute of Standards and Technology Cybersecurity Framework. The idea is that this framework would be broad enough so that different organizations could use it and adjust it to their specific needs.
According to a press release from the White House, Burwell and Monaco made this choice because they realize data security management isn’t a “one-size-fits-all” operation. Each organization is supposed to uniquely approach this guideline and adapt it to their own requirements as needed. Burwell and Monaco also wrote that they emphasize transparent communication between providers and patients as an important part of achieving data security.
What consumers can do
This framework is only one step of many required to bolster health care security efforts. Consumers still have a responsibility to protect themselves and understand the signs of medical identity theft. According to the Federal Trade Commission, these signs include getting bills for treatment you didn’t receive, noticing errors on your insurance statement or medical records, or being denied health care for outstanding medical debt that you don’t owe.
If you suspect that a fraudster has accessed your medical information, you have the right to request your medical record and work to change these mistakes. You’ll have to contact any hospital, clinic, pharmacy, etc. to figure out where the theft could have occurred and report the incident to them. This process is lengthy and complicated, but it’s worth the time to clear your name.
Since medical identity theft is harder to detect and reverse than other types of fraud, it requires effort from all ends to make sure that patient data is secure. Part of this effort includes being extra cautious about who you share your sensitive information with and checking regularly for any new credit accounts in your name through credit monitoring. For additional help in these efforts, consider investing in a monitoring service, like Identity Guard, which can alert you to certain activity that may indicate fraud.