Loading ...
It is very strange that when you look around you can find many, many training courses and seminars on HIPAA. From a providing information point of view, the market is well provided for. Yet walk into you local doctor’s office or local hopsital, and ask a few basic questions and blam, they don’t know HIPAA at all. ? WHY ?
Why is HIPAA not taken seriously enough?
For years we have been saying we need to stop this coming storm of Medical Identity theft. There are many sad instances of Medical Identity theft, even the FTC has defined it, realizing the important difference between medical identity theft and financial identity theft.
With Financial identity theft, you loose money sure, your credit record goes south, you have a hard time paying bills etc.. But this is recoverable, and you can come out on the other side, stronger and more aware.
However, with Medical identity theft, you could be dead and there is NO recovery from that.
- Have your blood type changed in your electronic medical record.
- Have your blood pressure pills taken away because “you” have used two years supply in 1 month (it was stolen)
Both examples of non-recoverable problems. You’re dead, recover from that !.
It can and sadly has happened, and as more and more records go electronic and online, the attack against this target is going to grow in proportion. Why are there more Windows viruses, than Mac OS X, or Linux ? Why are there more Peoplesoft and WordPress vulnerabilities?
Because of market share. If I am going to write a virus I want to infect as many machines as possible. So right now there maybe 100,000 or 200,000 electronic health records. Two years from now that could easily be 1,000,000 to 3,000,000 records, now that is a worthy target.
Yet, the approach today is “So !” , “It has not happened here” , ”It is not happening to us”. Sure then be the next one to suffer because it is just a matter of WHEN not IF.
The rate at which medical records are being added / converted to electronic vs. the rate of true knowledge of HIPAA by medical professionals do not track each other. Thus making a great target for malicious activity.
