Offshoring Medical Records - Why You Should Care?
These foreign work forces are NOT accountable to HIPAA privacy protection laws, like a US based workforce must operate within.
Dear Congressman (or Senator) (your congressman’s or Senator's name),
Our personal identification and medical records are at serious risk. Anyone who visits a doctor, medical center, hospital or any other facility is at risk of having this information fall into the wrong hands. How can this be, you might ask? After all, we do have stringent HIPAA laws in place at a federal level, right?
Allow me to explain. Every time a patient visits their doctor or healthcare facility, a chart is made of their visit. This chart is in electronic form and must be reviewed by a medical coder, who translates it into codes that guide insurance companies, Medicare and Medicaid as to how much of a reimbursement is made for each case.
These electronic medical records contain very sensitive details such as a person’s demographic information (social security number, home address, place of work, where they get their prescriptions, where their children go to school) as well as sensitive mental and physical health information (diagnoses that have the potential for social stigma, as well as pictures of patients’ bodies that are of a very sensitive nature).
In some instances, these medical records are being sent, or full access credentials are being granted, to work forces outside of the United States for processing of these records. These overseas work forces can claim they are compliant, but US law can't touch them if they are not. India, Pakistan and the Philippines are just some of these countries. This means that a US based workforce is being decommissioned for cost savings and fewer regulations overseas.
Here is the big problem. These foreign work forces are NOT accountable to the HIPAA and data privacy protection laws that a US based workforce must operate within. That means that if the identity or information of a US healthcare consumer is sold or misused by a foreign individual, there is no legal structure within that foreign country to prosecute the crime. Security experts in the US state that the OCR (Office of Civil Rights under the Department of Health and Human Services), which regulates the HIPAA laws in this country, cannot enforce them overseas. This means that every electronic medical record that is sent overseas carries the risk of the private info of an individual being sold on the black market with a value of $100 - $1000 each.
The most effective solution to this very serious problem is to ensure that all Health Information Management is done here in the US and not sent overseas just to save money and be handled in a much less regulated, high-risk environment.
We need your support in Washington to follow through with this and pass legislation to address this major concern. Do it now or do it AFTER many thousands of people’s records are found to be compromised.
For a brief video introduction, more information and sources, please go to www.whohasmymedicalrecord.com
This is more important than most people realize. EVERYONE’S PRIVACY IS AT HIGH RISK, EVERYONE’S, INCLUDING YOURS. I look forward to your response.
Thank you for your time,
(Your name)
I am the founder and CEO of HIPAA alli, established in 2015, to assist the medical community with their HIPAA Security Compliance activities. My passion and soapbox mission is to bring awareness, education and prevention solutions for Business Associates (BAs) to help them understand how their daily activities impact the privacy and security of their patients’ Protected Health Information (PHI).
I have over 25 years in the Healthcare industry, working with Primary Care, Internal Medicine, Cardiology, Urology, and Otolaryngology. My experience also includes almost 10 years in Biotech, as a Software Verification & Validation (V & V) Engineer. This required creating the software policies & procedures, risk assessment (analysis) and risk management reports, and any other essential documentation necessary for submission to the FDA CDRH & CDER divisions for 510(k) and BLA submissions.