RE: Patient Identification Theft - Records Stolen -- Need suggest...

[Guest guest]

, Vickie, et. al.

Strong agreement about keeping records inside the clinic. Whei I operated

several private clinics, we once had a severely injured patient who'd been a

reseacher for a major pharmaceutical manufacturer. She had been

transporting a number of clinical research records in her personal

automobile when she was unfortunately " T-Boned " by an 18-wheeler, scattering

car and contents, strewing paper everywhere!

The research was lost. She survived, but had residual disability. It

wasn't her fault. Since I had been accustomed to taking charts home with me

to bring up to date from time to time, I learned a lot from that tragedy.

Dr. Dick Hillyer

(Off to Orlando today for the FPTA Spring Conference!)

Hillyer, PT,DPT,MBA,MSM

Hillyer Consulting

700 El Dorado Pkwy W.

Cape Coral, FL 33914

Mobile

_____

From: PTManager [mailto:PTManager ] On Behalf

Of mlavcavitt@...

Sent: Thursday, March 31, 2011 1:58 AM

To: PTManager

Subject: Re: Patient Identification Theft - Records Stolen --

Need suggest...

Dear ,

I had a PT practice contact me for consulting services after one of their

employee's stole the credit card number for three patients and used it to

purchase nearly $4K in goods and services from local merchants. We

immediately implemented Red Flag Rule policies and procedures, paid for each

patient to run a history of their credit for the next three years ($49

year),

purchased an identity theft policy for each patient (less than $100 for one

year) and paid back each patient for the amount that was fraudulently

charged

to their credit card along with interest (upon the advise of the client's

attorney). Additionally, all four of his current financial/administrative

employees went through a thorough background check and are now bonded. The

client chose not to file charges against the employee as he felt that he

did not have proper internal controls in place to avoid this from happening.

All three of the patients were satisfied that the client took proper

measures to make them whole again and more importantly, to avoid (hopefully)

this from happening in the future and thusly, no legal action was taken

against the client. A detailed incident report completed by the clinic owner

and signed by all three patients is on file in the event one or all three

patients later decide to take legal action against the clinic.

On a similar note, we have clients who have adopted very strict policies

against removing medical records/files/patient financial records and lap

tops

from the office for this very reason. Stuff happens! While I am not an

attorney, I work with a number of attorneys that I feel strongly would

advise your colleague to adopt a similar policy and complete an incident

report

for both HIPAA and compliance purposes.

Wishing you and your colleague the best of luck in finding an answer to

this dilemma.

Sincerely,

Vickie

D. Cavitt, President

Medical Legal Alliance, L.L.C.

600 Guilbeau Road, Suite A

Lafayette, LA 70506

In a message dated 3/30/2011 3:09:21 P.M. Central Daylight Time,

pkovacek@... <mailto:pkovacek%40ptmanager.com> writes:

PTManagers

I am hoping someone on this list can help with a situation that I have no

experience with.

A PT colleague of mine had his car broken into and a small number of

patient

records were stolen. Patient records were typical notes etc but were full

charts with patient specific information that would be valuable to an

identity thief.

The therapist has identified all the missing charts, met with each patient

to explain the situation and provided each patient with an identify theft

protection plan for at least the next 12 months. Fortunately, because he

got

to the patients immediately, there is not a public relations issue with the

patients.

If anyone else has [unfortunately] had any experience with this sort of

event, are there other actions that the therapist should take to

protect himself, his company and his patients?

Thanks in advance for your ideas and suggestions.

Kovacek, PT, DPT, MSA

_PKovacek@... <mailto:_PKovacek%40PTManager.com> _

(mailto:PKovacek@... <mailto:PKovacek%40PTManager.com> )

Cell

Personal Fax

www.PTManager.com