Offshoring Medical Records - Why You Should Care?
July 27, 2018
Your Medical Information Could Be in India, Pakistan, and/or the Philippines!
Why is it important that medical records remain with a workforce located in the United States?
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules exist to protect your "individually identifiable health information" held or transmitted by your provider (identified as a Covered Entity and/or their Business Associates), in any form or medium, whether electronic, on paper, or oral.
When you visit a doctor, medical center, hospital, dentist, or any other healthcare facility, YOUR protected health information (PHI) is at risk of falling into the wrong hands.
Your Medical Record
Your electronic medical records contain extremely sensitive details such as your demographic information (social security number, home address, place of work, prescriptions, etc.), and possibly sensitive mental and physical health information (any diagnosis that has the potential for social stigma, as well as any images taken).
Every time you visit a healthcare facility, a record is made in their electronic health record (EHR) system. This information must be reviewed by a medical coder who then translates that information into billable codes for insurance payment.
Why does this matter?
Frequently, YOUR medical records are sent to workforces OUTSIDE of the United States for processing.
These overseas workforces CAN CLAIM they are HIPAA compliant, but US law CAN'T touch them!!
The Office for Civil Rights (OCR) is not going to visit companies located overseas to perform an onsite audit.
The Real Problem: These foreign workforces are NOT accountable to the HIPAA privacy protection laws that a US-based workforce must operate within.
That means if your identity or PHI is breached and/or sold or misused by a foreign individual, there may not be legal recourse and NO LEGAL STRUCTURE between the US and that foreign country to prosecute the crime.
Security experts in the US insist that OCR, which regulates HIPAA laws in this country, CANNOT ENFORCE HIPAA REGULATIONS OVERSEAS.
How You Can Get Involved
The most effective solution to this very serious problem is to ensure that ALL Health Information Management is done here in the US and NOT sent overseas, just to save money, to be handled in a much less regulated, high-risk environment.
Join Mark Sluyter, Rich Simon, and Elizabeth Burke, CCS, today and support their efforts to keep YOUR protected health information stateside.
The letter below can be copied and pasted into your correspondence with your Congressman or Senator:
Dear Congressman (or Senator) (your congressman’s or Senator's name),
Our personal identification and medical records are at serious risk. Anyone who visits a Doctor, Medical center, Hospital or any other facility is at risk of having this information fall into the wrong hands. How can this be you might ask? After all, we do have stringent HIPAA laws in place at a federal level, right?
Allow me to explain. Every time a patient visits their doctor or healthcare facility, a chart is made of their visit. This chart is in electronic form and must be reviewed by a medical coder, who translates it into codes that guide insurance companies, Medicare and Medicaid as to how much of a reimbursement is made for each case.
These electronic medical records contain very sensitive details such as a person’s demographic information (social security number, home address, place of work, where they get their prescriptions, where their children go to school) as well as sensitive mental and physical health information (diagnoses that have the potential for social stigma, as well as pictures of patients’ bodies that are of a very sensitive nature).
In some instances, these medical records are being sent, or full access credentials are being granted, to workforces outside of the United States for processing of these records. These overseas workforces can claim they are compliant, but US law can't touch them if they are not. India, Pakistan and the Philippines are just some of these countries. This means that a US-based workforce is being decommissioned for cost savings and fewer regulations overseas.
Here is the big problem. These foreign workforces are NOT accountable to the HIPAA and data privacy protection laws that a US-based workforce must operate within. That means that if the identity or information of a US healthcare consumer is sold or misused by a foreign individual, there is no legal structure within that foreign country to prosecute the crime. Security experts in the US state that the OCR (Office for Civil Rights under the Department of Health and Human Services), which regulates the HIPAA laws in this country, cannot enforce them overseas. This means that every electronic medical record that is sent overseas carries the risk of the private info of an individual being sold on the black market with a value of $100 - $1000 each.
The most effective solution to this very serious problem is to ensure that all Health Information Management is done here in the US and not sent overseas just to save money and be handled in a much less regulated, high-risk environment.
We need your support in Washington to follow through with this and pass legislation to address this major concern. Do it now or do it AFTER many thousands of people’s records are found to be compromised.
For a brief video introduction, more information and sources, please go to www.whohasmymedicalrecord.com
This is more important than most people realize. EVERYONE’S PRIVACY IS AT HIGH RISK, EVERYONE’S, INCLUDING YOURS. I look forward to your response.
Kimberly Shutters
I am the founder and CEO of HIPAA alli, established in 2015, to assist the medical community with their HIPAA Security Compliance activities. My passion and soapbox mission is to bring awareness, education and prevention solutions for Business Associates (BAs) to help them understand how their daily activities impact the privacy and security of their patients’ Protected Health Information (PHI). I have over 25 years in the Healthcare industry, working with Primary Care, Internal Medicine, Cardiology, Urology, and Otolaryngology. My experience also includes almost 10 years in Biotech as a Software Verification & Validation (V & V) Engineer. This required creating the software policies & procedures, risk assessment (analysis) and risk management reports, and any other essential documentation necessary for submission to the FDA CDRH & CDER divisions for 510(k) and BLA submissions.