
Medical Identity Theft and Bill Requiring Criminal Background Checks In LTC Facilities

I have had relatives very close to me who, because of degenerative diseases and medical problems, have had to go to long term care (LTC) facilities. I always worried about the care they were receiving when I was not around. I worried that others would not be caring for them in a truly caring and kind way. I worried that people who had been convicted of violent crimes and financial fraud might try to take advantage of them and the others in the facility. I tried to keep a close watch on them.

Historically, the need for workers within these facilities has led to lax hiring practices. As a result, many residents have been abused, physically and mentally, and their financial health has also been abused through criminal use of their personally identifiable information (PII).

For example, there is the disgusting instance of a Seattle hospital worker in a leukemia treatment facility who took advantage of his position of trust to steal money from at least one patient in his care whom he believed to be terminally ill.

This type of situation has likely occurred other times; possibly many other times.

The insider threat is hard to address, and insiders' criminal actions in such a setting are even harder to detect.

On June 7, Senator Herb Kohl introduced the U.S. federal bill S. 1577, the "Patient Safety and Abuse Prevention Act of 2007."

If signed into law, this would require long-term nursing facilities and providers to perform criminal background checks on job applicants who would have direct access to patients. Those with a "disqualifying" criminal history would have to be turned down.

The term "disqualifying information" means "information about a conviction for a relevant crime or a finding of substantiated patient or resident abuse."

It would be good if this would go further and include a criminal history of misuse of personally identifiable information (PII).

There have been many accounts of medical identity theft. I have blogged about it several times, including here and here.

The World Privacy Forum has a page dedicated to this type of crime.

The American Chronicle did a story earlier this month on the topic.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.