Protecting Yourself From Identity Theft

When David S. Katz received the ominous notice that his Social Security number may have been “compromised” in a data security breach involving nearly a half million patients and their physicians, it made him re-think his own efforts to protect himself from identity theft.

“Most physicians don’t consider it to be that much of a problem until someone close to them gets affected by it,” says Katz, a Milford, Conn., surgeon.

Katz, who is president-elect of the Connecticut State Medical Society, says he didn’t experience problems after the breach, but the society pushed for better security measures from Health Net, the insurer responsible for the missing medical and financial information.

Health Net officials, for their part, offered two years of free credit monitoring services to those affected, but so far no reports of misuse have been filed, according to a spokeswoman for the Woodland Hills, Calif., company.

Meanwhile Katz urged colleagues to upgrade even the shredders they use at home and to be careful with how they dispose of old home copiers, because they typically have memory devices that are difficult to erase.

As careful as he is, however, Katz and physicians like him are still at significant risk when it comes to identity theft. At the same time, they are facing new federal requirements to safeguard patient data. The upshot? Don’t forget about your own identity protection while you worry about that of your patients.

Jay Foley, cofounder of the nonprofit Identity Theft Resource Center (www.idtheftcenter.org), offered these tips for keeping physicians’ personal financial lives safe from thieves out to pilfer medical and other identifying information:

• Start at work. No matter what type of practice you have, first make certain it has a robust system for maintaining the integrity of your medical provider numbers, says Foley. Larger practices that employ information technology departments should consider hiring a smaller, separate IT group that will act as a watch dog. “Embezzlement happens because a business owner trusts the bookkeeper,” he says. “Data theft happens because no one monitors IT.”

• Follow at home. Particularly if you carry laptops between home and work, or even simply log on to a system from home to perform any work tasks, you need to think about what data has the potential to make the trip, Foley says. You might not need a top-of-the-line shredder at home, for example, but if you ever have patient notes or data at home, upgrade to at least a good quality cross-cut shredder, he says. A basic home shredder dices documents in one direction, and they can be pieced back together fairly easily by industrious thieves.

• When in doubt, encrypt. Some software already comes installed with encryption capabilities, but others will need to have that added at a fairly low cost, experts say. It’s worth it to encrypt your financial files, such as Quicken or other software that includes account numbers and financial institution routing information.

• Sorry, Junior. If you use a laptop to receive patient data, don’t let your kids play games on it, Foley says. Games often carry the worst computer viruses.

• Add a second drive. Consider adding a second hard drive to your home computer for personal financial information to keep it separate from other personal, as well as practice-related, data.

• Upgrade passwords. Make sure your passwords are at least eight characters, with numbers and symbols, and avoid making them real words. The first code-cracking software programs used dictionaries to find passwords, he says.

Also consider hiring a credit monitoring service, which can alert you quickly if financial data gets into the wrong hands. Keystroke protection software is also gaining in popularity, which encrypts personal data as it is typed into a site, says Paige Schaffer, vice president and chief service officer for Europ Assistance USA, an identity theft protection firm. Inexpensive software is available that can be installed on a personal computer and when the user goes online to purchase something or input personal data, the keystrokes are automatically encrypted.

“The key thing to keep in mind about blending medical information you might have with your own personal data is to not have active Internet service while working with sensitive data,” Schaffer says. “Avoid logging onto the Internet while conducting any work-related business. And if you’re bringing patient files home (paper or electronic), make sure you have a system for locking up those files and know who has the keys.”

Here are a few more tips on prevention from Europ Assistance USA:

1. Never give your personal information by phone, Internet, or e-mail unless you initiated the request.

2. Destroy digital data when you sell, trade, or dispose of a computer, hard drive, recordable CD, or DVD.

3. Use the highest level privacy settings on social media sites.

4. Windows by default hides file extensions (e.g. .exe or .jpg). Unhide the extensions to avoid unknowingly downloading malicious software.

5. Mail bill payments and checks from the post office, not your home where they can be stolen from your mailbox.

6. Use encryption when on wireless networks.

7. Request annually from your health insurance company a list of benefits provided and review for any fraudulent activity.

8. Monitor expiration dates on your credit cards and contact the issuer if you don’t receive a replacement prior to the expiration date.

9. Ensure that your passwords are complex and include upper and lower case letters, numbers and special characters.

10. Ask about information security procedures in your workplace or at businesses, doctors’ offices or other institutions that collect your personal information.

Janet Kidd Stewart is a freelance writer based in Marshfield, Wis. As a contributing columnist for the Chicago Tribune, she writes a weekly, syndicated retirement column called “The Journey” that appears in Tribune newspapers across the United States. She holds a bachelor’s degree and master’s degree from the Medill School of Journalism at Northwestern University. She can be reached via physicianspractice@cmpmedica.com.

This article originally appeared in the July/August 2010 issue of Physicians Practice.