Identity Force releases Spring 2010 National Survey of Hospital Compliance Executives

Identity Force today released its Spring 2010 National Survey of Hospital Compliance Executives. More than 200 compliance executives from AHA member hospitals in 43 states indicated data breaches and medical identity theft continue to grow despite new regulations like the Red Flag Rules and the HITECH Act, designed to protect against the theft and loss of personal information.

“Hospitals must expand their activities from tactical triage to strategic action”

"It turns out that addressing the problems of data breaches and medical identity theft is proving more complex and time-consuming than hospitals counted on. It's interesting that many compliance experts now call into question whether or not even the new Healthcare Reform Law will ultimately help on these issues," said Steven Bearak, CEO of Identity Force. "We are simply copying, digitizing and disseminating personal information faster than we can control it."

Click here for a copy of the Identity Force hospital compliance report or visit www.identityforce.com/Press.php.

Highlights of the survey:

PROBLEMS ARE WORSENING DESPITE MAJOR REGULATORY EFFORTS

41.5% of hospitals have TEN OR MORE data breaches each year - a 120.7% increase over last year's survey. Currently, over 20% percent of hospitals have twenty or more breaches annually.

INSIDERS NOT OPTIMISTIC HEALTHCARE REFORM WILL HELP

56.3% of hospital compliance officers believe that the new health care reform law will either have no change or will increase medical identity theft at their institutions.

INVESTIGATION OF FRAUD IS SURPRISINGLY LOW

Despite the fact that medical identity theft is the fastest growing form of identity fraud, 71.4% of hospitals on average investigate fewer than 50 cases of possible misuse of identity annually, and over 34% still do not keep good patient ID records.

TIMELINESS OF COMPLIANCE IS POOR

To date, only 15.7% of hospitals feel they are in compliance with the HITECH Act, which went into effect in February 2010. This lack of compliance mirrors last year's slow compliance efforts regarding the FTC's Red Flags Rule.

SECURITY OF THIRD PARTIES IS AN UNKNOWN

48.3% of hospitals do not know if their vendors and business associates are in compliance with the HITECH Act.

"Hospitals must expand their activities from tactical triage to strategic action," explained Bearak. "Successful organizations will implement organization-wide training programs that create a 'Breach-Free Culture' and help eliminate patient ID misuse and fraud. These programs usually pay for themselves many times over by lowering risk and making breaches much less frequent. Avoiding one substantial breach can save millions of dollars in costs."