Once again patients are being notified of another data breach at a hospital and medical center where personal information, including social security numbers were accessed. Physicians Regional/Collier HMA Physician Management, LLC now affiliated with Community Health Systems Professional Services Corporations are among those entities where patient data was taken.
Kroll ID monitoring service is touted as being available to assist those whose information was unlawfully accessed, but calls to their number are either disconnected or placed excessive holds without answer. When one goes on the website to register, social security numbers are required to be entered into the website. As one of the affected patients, I do not want to enter my social security number into an online website so am unable to get any help and suspect others are having difficulty too.
Why are patients with insurance cards and drivers licenses providing identification required to disclose their social security numbers in the first place? There is still too little concern given to protecting individual’s personal information. Electronic medical records have not yet lived up to the promise of easy access and connectedness of patient data, yet they have led to the vulnerability of thousands of patient records. HIPAA, the national health information privacy legislation while providing for federal protection for disclosure of PHI – protected health information – has not resulted in enough vigilance by data systems and aggregators.
Legislation is needed instituting stiff fines and penalties for the failure to ensure protection of personal information. In the meantime be very careful with your personal information and question why the disclosure is needed before handing it over.