Many of the people who read this blog work for small health care providers, often in rural areas, that don’t have resources to invest in the latest technology and security measures. Often, when asked why the IT system has not been updated, the response is, “we are small, the bad guys are after bigger fish.” In reality, nothing could be farther from the truth.
In July, 2021 a Texas woman was sentenced to 30 months in federal prison for being a part of a ring that was using stolen protected health information in a way that generated over $1.4 million, that is, until they got caught. Along with two other co-conspirators, the woman had obtained credentials for a provider’s electronic health record, and used those credentials to access the records, steal personal and protected health information of people served by the provider. They then packaged the stolen information into fraudulent physician’s orders for durable medical equipment, (DME), and sold the fake orders to durable medical equipment providers and contractors who then used the fraudulent orders to bill Medicare for DME that wasn’t medically necessary, or even delivered. With the money they received selling the fraudulent orders, the co-conspirators purchased luxury vehicles such as Range Rovers, and a multitude of boats and personal water craft.
Because they had credentials, the bad guys were able to swim around (see what I did there!) in the EHR for months without being detected. Admittedly, most of the news articles we see about HIPAA breaches deal with large companies and impact tens of thousands, if not millions, of people, but, as evidenced by the case in Texas, accessing the systems of “small fish” can be very lucrative. Regardless of where the organization is located, the size of the organization, or the level of sophistication of the information systems, it is essential that every provider be alert; the bad guys love to swim in shallow water.
Most business leaders get frustrated when employees don’t do the right thing. You shouldn’t have to convince people to do what is right. MCA builds a compliance program and a culture where employees to the right thing, the right way, at the right time so you can focus on taking care of the people you serve.
Call today to schedule a consultation
Midwest Compliance Associates
(319) 553-0258