It’s hard to filter out the white noise and decide what’s important for your practice. A constant and endless barrage of products and services is offered to you. And, when it comes to technology, the steady stream often comes in the form of “HIPAA Compliance” and “Data Security”. We think these things are important, but how important? And why? Let’s explore.
In recent years, we have heard about breaches at Home Depot and Target where literally millions of credit card numbers were stolen by online hackers. Why was this data hacked? Were the hackers planning to use those cards themselves? Nope. The data was hacked because there is a “Black Market Value” for stolen credit card information, and the hackers planned to sell that stolen data for anywhere from $1 to $5 per stolen card. That’s crazy, right? There is actually a place on the internet where thieves can go and sell stolen information.
Now, let’s talk about the patient data that you store in your Practice Management software (Dentrix, Eaglesoft, Open Dental, etc.). Do you have any idea what the “Black Market Value” is for each one of your patient records? Would you believe me if I told you it is worth $60 per patient record? It is.
Did you just do the math? 5,000 active patients multiplied by $60 = $300,000. You might very likely have $300,000 worth of data sitting inside of your server, or even much more.
Why? Who cares if Timmy had a filling last year, or if Mary had a root canal done two years ago? Nobody, nobody cares about their treatment history. A hacker cares about the personal data that is stored in the patient record on file. Think about the personal data you collect: Name, Social Security, Date of Birth, Address, etc. That information can be used to commit identity theft and would allow someone else to obtain new credit cards, open new bank accounts, process fake insurance claims, and so forth.
While a stolen credit card can be cancelled in minutes, stolen personal data will remain valuable for many decades.
When someone steals personal data, it can potentially haunt the victim for a lifetime. And, for the criminal, it presents a lifetime of opportunity to steal and commit fraud.
We will explore many aspects of HIPAA in upcoming blog articles. For now, let’s at least begin to understand why this data is so valuable, and why we must implement proper security to protect this valuable information. By understanding more, we can begin to have more appreciation (and subsequently more motivation) to take action on our HIPAA compliance.