By Kayla Matthews, HealthIT writer and technology enthusiast, Tech Blog
Twitter: @ProductiBytes
Data management is an integral, if tedious, part of running a medical practice. Whether you’re managing a small independent practice or collecting information for an entire hospital full of patients, it’s important to keep track of all your data and implement programs to ensure it is used to its fullest potential.
However, there’s a lot more to data management than just collecting patient information and updating electronic health records — as one insurance company recently found out.
To the Tune of $82 Million
An insurance company was recently fined $82 million for a series of spoofed robocalls. While spoofing is not illegal in some circumstances, it is illegal when the caller is using it to defraud the people being contacted, and that is precisely what Best Insurance Contracts was doing. It spoofed their number to try to con consumers into purchasing health insurance, using robocalls to make the phone calls for them.
Best Insurance Contracts was discovered when its robocalls started spamming a medical paging service, potentially interrupting vital medical services in the process. The company was proven to have made at least 82,000 unsolicited robocalls while spoofing its caller information and was fined $1,000 per verified call. They were charged more than $82 million.
This massive fine is a mere fraction of what it could have ended up paying — it was only proven to have made 82,000 calls, but it’s estimated they completed more than 21 million robocalls.
Successful patient data management could have prevented this massive robocall mess.
Patient Data Security
Best Insurance Contracts wasn’t spamming potential customers with robocalls because these people actually needed insurance — it was simply working its way through a list of purchased or stolen phone numbers, likely collected from a medical billing file. With more and more practices implementing networked medical billing services and electronic health records, the potential for data breaches in connected medical devices grows.
This came to the forefront earlier this year with the WannaCry hack that disabled the computer systems of hospitals and doctors’ offices around the world. By using networked equipment with older operating systems — in this case, Windows XP, which Microsoft no longer updates or supports — these medical facilities put themselves and their patient information at risk.
Anytime you have a networked system, there is the potential for a breach. It’s essential to spend some time on data management to shore up the security of your patient information.
Privacy Concerns
While some stolen phone numbers might not seem like a breach of patient privacy, the same back doors that hackers might use to steal basic information from, like names and phone numbers, could also be used to access electronically stored patient information. If that happens, a basic security breach suddenly becomes a HIPPA violation. You could find yourself facing fines for the data that is stolen, as well as continuous fines as long as the breach is accessible.
These fines don’t include any additional fines that may be levied against you as the result of a civil or criminal suit, like the one we mentioned in the beginning of the article. There were no HIPPA violations performed by Best Insurance Contracts, but had there been any personal patient data exposed, there would have been additional fines.
Networked equipment, electronic health records and cloud networks for medical billing and coding are all invaluable tools to help streamline your medical practice. They enable you to spend less time worrying about paperwork and more time caring for your patients. That said, it is essential to spend at least a little bit of time on data management and security — for your own sake as well as the sake of your patients.
It’s up to you to guard the information your patients provide, so while you’re trying to make your practice more efficient, make sure you keep that in mind.