Data breaches in the past year have increased, demonstrating that even some of the biggest and most prominent healthcare organizations are vulnerable. Chairmen and rankings members from the Senate Committee on Health, Education, Labor and Pensions and the Senate Committee on Finance wrote to HHS to ask what the organization is doing about it.
"Sizeable and damaging breaches continue as a result of traditional threats, including unauthorized access and disclosure and loss or theft of laptops," the letter reads. "In total, [the Office of Civil Rights'] breach portal indicates that nearly 154 million individuals were affected by 1,367 reported data breaches at healthcare organizations. We are concerned that data theft will continue to rise and will result in an increase in medical identity theft."
The representatives wrote medical identity theft has serious implications for healthcare consumers beyond stolen information — It can result in receipt of improper treatment and bodily harm. This type of theft also impacts patients' ability to access their own medical records under HIPAA. Additionally, CMS has shown it is reluctant to correct Medicare billing records for medical identity theft victims because such corrections could negatively impact beneficiaries and CMS' internal accounting systems, among other factors.
The representatives included 12 specific questions they request that HHS answers by Nov. 24, 2015 about their actions relating to medical identity theft and data breaches.