Unfortunately cases of medical data theft by ex-employees rarely make it to court as many affected practice owners don't have the financial means to pursue the thieves. The immediate impact on revenue caused by data theft leaves practice owners virtually no opportunity to take out any sort of legal action. The big medical chains injunct ex-employee data thieves, the smaller centres face an uncertain future with limited resources to fund their business expenses following data theft let alone the additional funding of any form of litigation.
Patients affected by data theft can never be sure their personal information will remain safe in the hands of ex-employee data thieves.
Data thieves may use the stolen files to help secure themselves a position with a competitor or start their own practice. They could also just as easily sell the data on the lucrative black market for patient identities or do both. Once the data is removed without the authority of the patient no-one can be sure exactly what will happen next.
The first time an affected patient will know there is anything going on with their patient file is when they are notified of a change of address by a health professional that they may have seen at a practice. Most patients will naturally assume the notice is a courtesy announcement of a move to a new location. If the patient receiving the notification hasn't provided some form of authority, for their files to be moved, then any change of address notification should be considered with suspicion.
Under a recently passed bill (Privacy Amendment - Enhancing Privacy Protection Bill 2012) any person affected by data theft has to be notified (effective March 2014) by the business holding the patient data immediately it becomes known their data has been compromised.
Unfortunately in many cases this will alarm the receiver causing them to join other notified recipients in contacting the practice concerned to find out what has happened to their information. The practice is blamed for the lack of security provided over their data and the thief gets away with total immunity from prosecution.
There is no legislation that will allow Police to charge ex-employee data thieves.
We came across the following article, published by Fox Business, which highlights just how valuable your patient file is to data thieves.
Protect Yourself Against Medical Identity Theft
From the Gerri Willis DailyI’m a big fan of keeping my personal information personal. But when it comes to your medical information, maintaining privacy is difficult, if not impossible. That’s because your information isn’t just held by your doctor, hospital and insurer, it’s also a commodity bought and sold by marketers, data base companies and even retailers.
In fact, on the black market, your medical records are more valuable than your social security number. According to Dr. Deborah Peel of Patient Privacy Rights, it costs just 50 cents to a dollar to buy a social security number, but $14 to $24 to buy someone’s private medical details. Smart identify thieves are leaving the dumpster diving behind and focusing on medical identity theft because they prefer the deeper pockets of insurers to consumers.
Read more: