IFIDA KNOWN ENTERPRISES, LLC

"America's Ambassador for Privacy, Safety, Security, Identity & Asset Protection"


Home


About Ifida Known


Programs


Meeting Planners


Our Clients


Products


V.I.P. Section


Resources


Special Victims' Unit


Travel


Medical

Safe Social Networking
for Kids and Adults

Truth Be Told
Medical & Healthcare Industry

Two Weeks in Maryland keyboard
Rcently hundreds of people's personally identifiable information (PP) was compromised and these individuals could fall victim to identity theft in Maryland.  This occurred after medical information was leaked to the public.  After a filing error occurred in Maryland's Federal Court, officials stated that PII was accessible through an online court database for two weeks.  The warrants included information on 226 individuals, including 42 Social Security numbers. Maryland's U.S. Attorney declined to comment on the situation.

Colorado Chiropractor
Dr. John S. is no longer in practice.  A former member of the Colorado Board of chiropractors, he compromised the Medical Records of his patients.  The record contained their Social Security numbers, birth dates, addresses and, in some cases, credit card information.  The records in questions were thrown in a dumpster "due to lack of office space."  June D., a patient of Dr. John's still gets "goose bumps: when she recounts the story of her complete medical records with that chiropractor as one of hundreds thrown in the dumpster near a 7-Eleven.  Her medical records were full of her private and personal identifiable information.  Dr. John said he had changed all of his clients' records to electronic ones and he didn't have space in his office for the old paper records that came with the purchase of the business.
UPDATE - Upon our trying to reach Dr. John in his new state, we were told that he "has left the country and is no longer practicing."  Don't risk a threat of losing your practice by not knowing the Red Flags Rule!

Bethlehem Steel
Speaking to a retired-manager from Bethlehem Steel, I learned the one of his former employees perpetrated medical identity theft in an effort to gain medical treatment for his mistress.  The former employee allowed his mistress to use his wife's name and her medical insurance to receive specialized treatment and have surgery.  In doing so, the wife's blood type was changed, an illness that she did not have, and a surgery were all placed into her medical records.  Understand that her records with her health provider and insurer now contain false and inaccurate documentation as well as pose a major health threat (a changed blood type) to the victim.

When I shared this with an Office Manager who stated that she didn't believe that her Practice needed to be Red Flags compliant because most of her patients were elderly, I informed her that the mistress was in her mid to late sixties and YES, even her Practice needs a written Red flags Identity theft Prevention Program and all of the employees in her office need on-going training and updates on new and unusual techniques to detect, prevent, and mitigate identity theft.

It's not up to the individuals in a medical practice or any other business to decide whether or not their business will comply with the Red Flags rule.  It's a Law - enacted by Congress, signed by a President, enforced by the Federal Trade Commission, to protect WE THE PEOPLE from all forms of identity theft.

47% of Identity theft is committed by a family member,
relative, friend, co-worker, or a friend-of-a-friend
who either knows or knows of the victim

"Ghost User"password to the computer taped to the wall by the computer
Recently, as I was conducting a Red Flags Audit and Assessment for a 12-Doctor, 3-location practice, I came across a very disturbing situation.  The IT Manager allowed all 110-+ employees and consultants to access the computer network via individually assigned login accounts.  Each employee had access to the "S" drive which housed "shared" information and documents.  as I walked throughout the building, I found a couple of computer workstations that were unassigned and available to whomever needed them; sometimes staff from other locations, sometimes employees who normally worked from home and outside contractors as well.  The disturbing factor was the taped to the wall next to this computer was a "sticky note" that read:  "Login:  Ghost User"  "Password:  Bayberry09".  Thus, any one, at any time, including the after-hours cleaning crew could log on to this Practice's computer system and access all information on the "Shared" drive as well as a number of other key elements used by the Practice to conduct business.

What troubled me the most was that while I was auditing the Share-drive, I found that all of the Doctor's and PA's credentialing documents including resumes, social Security number, NPI applications, home addresses, CMEs, etc. were located on the "S" drive and clearly labeled for anyone to access.

It was changed immediately upon my recommendation, however nobody could really determine how long these records were accessible nor who had accessed them and possibly printed them out.

Though it was mentioned that one former employee had been fired for copying patient information and selling them to her brother, who had then used the information to open some credit card accounts, nothing further was mentioned about how the Practice had handled the process of notifying patients.

Contact Us, Privacy Policy, Shipping & Refund Policies

Visa Logo Mastercard Logo Discover Logo
Copyright  2005-2009 © Ifida Known Enterprises, LLC 
info@ifidaknown.com