I’ve written about cyber attacks, cyber extortion using ransomware in hospitals, medical identity theft, data mining risks with health/medical apps and fitness trackers, and more. I am not an IT professional so I’ve written this for the un-indoctrinated, which until a year ago, included myself.
It makes sense to review a few basics about how to stay safe if you use email, engage in social media (Facebook, Twitter, LinkedIn, etc.) shop online, browse the internet, use health or medical apps, bank online or have smart devices in your home. Even if all you do is search on the internet for answers to health questions, these strategies apply to you.
Knowledge is power. The more you know, the more easily you can make an informed choice.
Think of your computer, smart phone, iPad, and other electronic devices like you do your home. We all want to be safe at home and most of us implement strategies to support that safety. We lock our doors and windows, install alarms, have protective dogs, and more. Consider taking steps to protect yourself in much the same way while using your electronic devices that connect to the internet or Wi-Fi.
With the advancement of technology and the Internet of Things (IoT), we are all more interconnected. That means we need to be informed about the risks of interconnectedness and learn how to protect ourselves from hackers and other cyber criminals. Technology is growing too fast for us not to implement a few basics to prevent identity theft, financial theft, hacking, malware, phishing scams, and more.
Public Open Wi-Fi
If while eating a muffin and drinking a latte at your local coffee bistro, you decide to do a little online shopping while you’re there, stop. Don’t do it. Public open Wi-Fi is not secure and most people don’t realize just how easy it is for a hacker to eavesdrop on your internet communication through the Wi-Fi and snag your personal information, including usernames and passwords. Your information can be exposed and retrieved by cyber criminals to commit identity theft.
Public open Wi-Fi is available to everyone in that location and no password is needed for use. It is not protected in any way. Coffee stores, hotels, gyms, universities, airports and other public places offer public Wi-Fi as a free service. It’s up to you to protect yourself.
- Be sure to set your smart phone, laptop or other device to manually select Wi-Fi. This way you choose when you want to connect to Wi-Fi rather than your device automatically connecting.
- Do not do online shopping, online banking or engage in social media if you use public open Wi-Fi. Your personal information will be at risk to hackers who can so easily eavesdrop on your activity.
- Public open Wi-Fi users should only visit secure websites with https addresses. It looks like this: https://www.samplewebsite.com
Facebook, Twitter, LinkedIn & Other Social Media Sites
“Cyber criminals often create fake profiles to befriend you on Facebook,” according to Heimdal Security. “Their goal is to get you to leak confidential information to them. Be careful about friend requests on all social media sites.”
On LinkedIn, cyber criminals create fake profiles to help themselves to your personal data, such as your connections, your email address, and your phone number. Check every LinkedIn connection request before you accept.
Suspicious connection requests look like this:
- Very few connections
- Very little info in the person’s bio.
- Generic information.
Strengthen Your Passwords
Admittedly, changing your passwords to beef them up is a big hassle. Who can remember their passwords? I know I can’t. I have them written down in a secure place. And yes, I’ve had to change my passwords more than once because I can’t remember my new passwords.
- Create a unique password for each unique account. Don’t use the same password for multiple accounts. Although I have to admit I’ve been guilty of this.
- Use a more complicated password that has the following: symbols such as ! and #, numbers, and upper and lower case letters.
- Don’t reuse old passwords.
- Don’t use your birthdate, telephone number or your street address. Cyber criminals can find that information on the internet. It’s common for people to use this information in passwords and hackers know it.
- Use two-factor authentication, known as 2FA. It is a two-step verification, an extra layer of security that requires not just a password and username but something unique to you.
- The rule of thumb has been to change passwords fairly often to outrun hackers. But a colleague pointed out that there is new research showing that changing passwords can actually decrease security. See for yourself here. Thanks to Meg Helgert for the information and this study.
Health/Medical Apps and Fitness Trackers
I don’t use these myself for security reasons. I purchased a FitBit some time ago and after reading the fine print, I returned it to the seller. FitBit, JawBone and other fitness trackers collect, share and sell consumers’ data to health insurers, employers, data brokers and others. Health/medical apps do it too.
More info in my article, How much health care data is mined without your knowledge.
Health related apps aren’t regulated by the FDA and aren’t covered by HIPAA, which means that the majority collect your sensitive data and do with it what they will. Most don’t have good privacy or security, according to PC World’s article, Why hackers love health apps.
Most of us use email in some form or another. What you might have received already and hopefully deleted, are phishing emails meant to fool you into thinking they are sent from a known business or bank. Cyber criminals make these phishing emails look real by using photos, images and logos from the original businesses. Many go undetected.
A phishing email might ask you to click on a legitimate-looking link or ask you to download an attachment.
Don’t do it.
The phony email might ask you to authenticate your username or password. You may be informed of a deposit or withdrawal and then asked to click on a link. Phishing emails lure you into giving them personal information such as social security numbers, credit card details, birth date, mother’s maiden name and more. This information can give a hacker all he needs to gain access to your accounts or to commit identity theft.
In 2013, Walmart customers were tricked into believing an email scam that requested that they update their account information urgently to keep them safe.
“Unsubscribe” Email Scam
According to the Identity Theft Resource Center, a new scam has arrived. “Savvy scammers have leveraged the power of annoying spam and dangerous phishing emails by combining them. The result is a barrage of identical looking spam emails that promise everything from weight loss to skin care products, all of which offer you multiple chances to click “unsubscribe” in order to stop receiving the emails.
Their tactic is to bombard you with these spam emails so you’ll do just about anything to make them stop. However, embedded in the “unsubscribe” link is a virus or malware that could infect your computer.
If you don’t recognize the sender, or you didn’t sign up for the emails, do not click on the “unsubscribe” link provided. Report the email as spam by clicking on the spam button on your email program.
Spam email can also include malware that allows a cyber criminal to control your computer remotely, freeze the contents and demand a ransom in exchange for the release of your personal photos and other data. More information on malware in my blog, Hospitals are sitting ducks for ransomware and other cyber attacks.
Keep Your Software Updates Current
Download your software updates on your computer, iPad, smart phone or other electronic device as soon as they become available. Or turn on the auto-download on your software updates. Software updates keep security on your device current. Updating the software on your apps can prevent 85 percent of targeted attacks. See Heimdal Security for more info on this.
Purchase Anti-Virus Software
Yes, you need it. I use Intego Mac Security. This is not an endorsement, just what my IT tech recommended. So far, my computer has been safe.
However, I did just hear from an IT person who read this blog and said that third party anti-virus software is unnecessary. You’ll have to do your own research on this as there seem to be two schools of thought.
Check Your Bank Statements Weekly
Even if you don’t bank online, you should be checking your accounts on a weekly basis. Review your statements for unfamiliar withdrawals and deposits. Alert your bank if you notice suspicious activity. Change your password immediately if you do.
Smart TVs, Smart Refrigerators, Smart Homes, Virtual Home Assistants, Smart Security Cameras, Smart Thermostats—The Internet of Things (IoT)
I don’t own any of these for a reason. I’m not against them as they make lives easier and I know people who love them. If you do purchase or already own a Smart TV or, for example, an Amazon Echo (Alexa), be sure to read the fine print. The voice command feature, if left on, can collect and send your voice data to a third party service that converts speech to text. Talk about a privacy issue, not to mention a creepy one. Read more about this here, Your Samsung SmartTV is Spying on You.
Please read the FBI’s warning about these Smart Devices.
I hope this helps.
Imagine you are a patient in a hospital that gets attacked by ransomware. Your medical records and other data are seized, and all users including your physicians and nurses, are denied access to them. Let’s say you are about to receive chemo, radiation, or another vital treatment.
What would you do? What can you do?
Not a whole lot, unless of course you have your own personal backup of your hospital medical records on hand. And even then the hospital may not be operable.
Think this sounds implausible? Think again. And read on.
As many as 75 percent of U.S. hospitals have been hit with ransomware in the last year. Hospitals are considered the perfect targets because they need the information on patients immediately, don’t have the necessary tools to prevent such an attack, and many haven’t taken the necessary steps to educate and train their employees on how to avoid such an attack. Many simply pay up. But not without extensive delays and having to turn patients away or evacuate patients from the healthcare facility.
This kind of cyber extortion can put patients at risk and compromise patient safety.
If this is new to you, ransomware is malicious software that seizes all data in a computer or computer network. Cybercriminals hold it for ransom until payment is made in exchange for release of the information. In a hospital, it will lock up all electronic patients’ records and other data in its computers and computer networks. The information is left completely inaccessible to medical professionals who need it for patient care. Messages are installed by cybercriminals demanding payment, usually in the form of Bitcoin, in exchange for accessibility to the seized information. Sometimes the cyber extortionists release the data after receiving the ransom payment and sometimes they don’t.
According to the FBI, “Ransomware attacks are growing in number and are becoming more sophisticated.” The FBI also reports that hacking victims in the U.S. have paid more than $209 million in ransom payments in the first three months of this year.
Malware can be sent in an email to a specific person with an attachment that appears to be legitimate, such as an invoice or electronic fax. Or the email can contain a legitimate-looking URL that takes the victim, once clicked, to a website that infects the computer with malicious software.
There are new cases of ransomware where cyber criminals don’t use emails at all. They seed legitimate websites with malicious code, which then seizes the computer and possibly other networks and backup drives.
In May of 2016 Kansas Heart Hospital was hit with ransomware and extorted twice.
In April of 2016, three Southern California hospitals, owned by Prime Healthcare Services, were attacked by ransomware. Prime Healthcare Services stated in a Los Angeles Times article that they did not pay the ransom. The FBI recommends not paying the ransom. One can understand why hospitals would pay up to get their systems and patient care running as soon as possible. There just aren’t enough tools in place for them to do much else. Some hospitals do refuse to pay the ransom and rely on back up copies of information. Still, it can take several days for them to get back to some degree of normalcy.
In March of 2016, cyber criminals attacked 10-hospital MedStar Health, located in the Maryland and District of Columbia region. The hackers encrypted the hospital chain’s computer networks so all information was frozen. The Baltimore Sun reported that the malware attacks left ten MedStar hospitals unable to access patient data and in some cases having to turn patients away.
Also in March of 2016, Methodist Hospital in Henderson, Kentucky, was crippled by ransomware and claimed to be operating in a state of internal emergency. The hospital was forced to shut down all of its computers because of the malware. The message left on the affected systems via Locky malware demanded a ransom in bitcoin.
In February of 2016, the Hollywood Presbyterian Medical Center, located in Los Angeles, had their computer networks attacked by cyber criminals who demanded $17,000 in bitcoin to release patients’ records. Hollywood Presbyterian paid the ransom.
Not a cyber extortionist attack but noteworthy all the same, in July of 2015, UCLA Health was the victim of a major cyber attack. 4.5 million patients’ data was compromised which included social security numbers.
Among others, Anthem Blue Cross disclosed that 80 million customers’ data was compromised in 2015.
The list goes on.
Sen. Bob Hertzberg authored a bill in an effort to make ransomware a felony. Let’s hope that passes. But I have to wonder how cyber criminals would be charged since most cyber attacks originate outside of the U.S. This is an update on a bill already passed that introduces new penalties specifically for ransomware attacks. If the update passes, cyber criminals would be fined up to $10,000 and sentenced to two, three, or four years in jail.
Seems like a paltry sum and a much-too-short jail sentence if you ask me. After all, cyber extortion is basically data kidnapping that could put patients’ lives at risk. Under federal law extortion carries up to a 20-year sentence, depending on the circumstances. Perhaps Hertzberg’s new bill is a good start on a massive, growing problem.
Hospitals must focus on prevention of these ransomware attacks. Real time backing up of patient electronic medical records and other data is an important strategy, but it still only addresses the problems after the cyber attack has been committed. Many hospitals don’t even back up. Preparing for a ransomware attack is essential for every hospital or other healthcare facility. Many hospitals claim to have insufficient funding to pay for internal experts such as chief security officers or to enlist a solid cybersecurity company’s services.
“Educating and training all system users is crucial,” states Healthcare IT news in its article, Tips for protecting hospitals from ransomware as cyberattacks surge. “All it takes is one uneducated user.” It’s the employees in hospitals who click on phishing emails or visit corrupt websites.
It’s not just the hospitals or healthcare facilities that become victims to ransomware. Patients must be protected.
I welcome your comments.
As my husband was wheeled into his hospital room after total hip replacement surgery, I noticed a red sign on the patient’s room that was kitty-corner to his. It said, “Stop. Infection risk.” The sign included instructions about donning gloves and gowns before entering the patient’s room.
This was not a good sign.
I waited outside Jamie’s room for a few minutes as two nurses evaluated him. Two medical professionals inside the other patient’s room caught my attention. They were not clothed in protective gowns or gloves, even with the infection risk. They spoke to the elderly patient at her bedside, one with a stethoscope around his neck and clipboard in hand. I overheard them explain to her that they could not release her because of her MRSA infection and that family members had not been reached.
MRSA? I tried to calm myself. Methicillin-resistant Staphylococcus aureus is serious business. MRSA can be life threatening and causes wound infections after surgery, pneumonia, sepsis, and more.
According to the Journal of Clinical Microbiology Reviews, hospital-acquired infections are the fifth leading cause of death in the United States.
I glanced into the patient’s room again, unsure if I’d seen what I thought I had. The clinicians were in fact not wearing gowns or gloves.
According to RID, the Committee to Reduce Infection Deaths, “Clothing is frequently a conveyor belt for infections. When doctors and nurses lean over a patient with MRSA, the white coats and uniforms pick up bacteria 65% of the time, allowing it to be carried on to other patients.”
As I stood facing my husband’s room, the curtain drawn around his bed for privacy, I noticed how close the elderly patient’s room was to his. About three to four feet. I figured that she and my husband might share the same nurses. My fears spiked as I thought about how easy it would be for nurses and other medical professionals to transmit MRSA from one patient to another. According to the published study, Hand hygiene for the prevention of nosocomial infections, “Healthcare workers’ hands represent the principal route of transmission of nosocomial pathogens.” “Staphylococcus aureus (MRSA) can survive for over 2 hours on the hands and is found in 10-78% of staff.”
Minutes later, I stood by Jamie’s bed, touching his hand. He looked weary, in pain.
“You okay?” I asked.
I didn’t mention the MRSA patient next door as I didn’t want to worry him. I mulled over how I was going to handle this with his nurses, how to approach them so I could maintain a cordial relationship. That relationship was crucial to his care. But I also wanted him safe.
Nancy, Jamie’s registered nurse, soon entered the room and introduced herself. We chatted about my husband’s surgery, his care, and I asked about dinner for him since he hadn’t eaten since midnight the night before. Nancy was very friendly and exuded an air of confidence, which put me somewhat at ease. I decided to wait to address my concerns about the patient next door.
To say that I was worried about Jamie would be an understatement. His first hip replacement surgery on the other hip 14 months ago had not gone well and had to be redone. After severe pain did not let up for five months after that surgery, we’d met with several orthopedic surgeons for other opinions. Each one recommended revision surgery. We chose the surgeon who performed the most hip replacement surgeries and revision hip surgeries, who had excellent training and education, but who was also a patient-centered physician. He answered all of our questions. He took the time to explain what needed to be done. He made the effort to get to know Jamie, to establish a relationship.
Seven months ago, Jamie’s revision surgery was expected to take about an hour and a half. It turned into a five-hour operation because the previous hip replacement was such a mess. The new surgeon had quite a bit of trouble withdrawing the stem. It would not budge. He had to surgically cut a keyhole into my husband’s femur to pop it out. He was forced to insert a longer stem because of the problems caused by the previous surgery. This surgeon explained in detail what had happened, and that the recovery would be extended.
Jamie’s recovery from the revision surgery was long and arduous. As a previous hockey player for 25 years on a hockey league, and a skier, motorcycle rider and all around athletic guy, he struggled with losing much of what brought him joy.
Because of Jamie’s life-long physical activity, his other hip was also in very bad shape. All of the orthopedic surgeons we met with said that it too would need to be replaced as it was bone on bone. Ongoing pain in the natural hip prompted the current surgery.
Normally, a patient with MRSA in the hospital room next door might not have prompted as much concern on my part. But Jamie had been through so much—3 years of chronic pain. 3 surgeries. I just wanted him to get his life back without complications.
Nancy was very attentive to Jamie and brought him pain medication almost immediately when she realized he was suffering. She also informed us that dinner was on its way. I liked her already and thought about what I could bring the next morning for her and the other nurses that might show our appreciation for their care.
But the MRSA issue burned in my brain. As soon as I sensed we had developed a good rapport, I asked her the question. “The patient next door,” I said, “She has MRSA, right?”
Nancy appeared a bit startled. “How did you know that?”
I explained that I’d seen the sign on the door and overheard the medical professionals’ conversation in her room as I’d waited for Jamie to be evaluated.
“Is my husband at risk for contracting MRSA since her room is so close?” I asked gently, trying to conceal my worry. I apologized for asking, not wanting to doubt her professionalism.
Nancy explained the protocol for donning protective clothing and gloves before entering the other patient’s room and outlined what needs to happen upon leaving it. She added, “We also use the hand sanitizer every time we come into your husband’s room and again before we leave.”
It had been a while since I’d done research on hospital-acquired infections for both of my books, The Take-Charge Patient and Critical Conditions, but I didn’t think that hand sanitizers killed MRSA. I blurted out, “Does that hand sanitizer kill MRSA?” See this article, The FDA Wants Proof Hand Sanitizer Works.
Nancy hesitated for a split second, motioning to the hand sanitizer dispenser on the wall. “Yes, it does.” She probably hadn’t encountered many loved ones who asked that question. And then she whispered to us, “I’m not taking care of her anyway. I won’t be going into her room.”
Two days later, Jamie was home from the hospital and recovering. He still has no signs of infection. A nurse visits him twice a week and he has in-home PT three times a week.
A week after the surgery, I felt able to do some research on hospital-acquired infections. The CDC states that hospital-acquired infections affect 1.7 million people annually and kill 99,000 people each year. A common statistic that many are familiar with.
But what I discovered that was new to me is that hand sanitizers used in hospitals must have a 65%-100% alcohol content to be effective against MRSA, according to the published study, Effectiveness of various hospital-based solutions against community-acquired methicillin-resistant Staphylococcus aureus. I have to wonder if all hospitals provide hand sanitizers with that level of alcohol content. Hand washing is still considered the gold standard for preventing transmission of infection. But with understaffing, lack of time and patient emergencies, it’s a wonder nurses have time to hit the restroom.
Then, I looked up the patient safety grade of the hospital Jamie had been in. I could have researched this before his surgery but I’d decided against it.
My husband’s surgeon has privileges at that hospital and could not have performed the surgery in another facility. We were committed and very confident in this surgeon. My husband was not going with anyone else because of a hospital’s infection rates. He had been through too much. Besides, I knew this hospital to be much better than the other one covered by our health insurance.
Hospital Safety Score for the hospital my husband was in?
However, it was a relief to see that their safety scores for MRSA were higher than most.
Beth Gainer’s book, Calling the Shots in Your Medical Care, is a must-read for every patient and caregiver. Written with a straightforward and compelling voice, Gainer offers sound advice to get the best medical care. She should know. She is a breast cancer survivor who lived through and overcame many challenges in her medical journey.
Calling the Shots in Your Medical Care focuses on the all-important doctor-patient relationship, showcasing the quality of that relationship and its direct connection to good medical care. Through interesting stories, Gainer illustrates how to find a truly great doctor. We recognize physicians who treat patients with respect and who value patient participation in care. Armed with her own strategies and checklists, Gainer finds some amazing doctors to treat her.
Through the author’s journey, we also recognize arrogant doctors who don’t listen to patients, those who aren’t interested in a collaborative relationship with patients. Gainer admits that a patient-centered, caring physician is not easy to find but emphasizes the importance of locating one.
The author’s many triumphs throughout her medical journey are not without horror stories and common frustrations with our healthcare system. The way Gainer handles the pitfalls had me cheering for her. I’ve not read a book thus far that empowers a patient as much as this one. She encourages patients to listen to their gut instincts, to speak up, to become informed, and to engage in care.
Having fully researched a treatment to prevent a reoccurrence of breast cancer, Gainer shows us by example how to achieve “doctor buy-in” on the medical treatment she believes is best for her. At the helm of her care, Gainer works in partnership with her chosen medical professionals. “A wonderful physician will also be open to the patient’s input,” she writes. This is key to patient-centered care and Gainer knows it.
The author admits to being somewhat intimidated by certain doctors, just like the rest of us. Her story about her oncologist who encourages her to speak up, to stand for herself as a patient, is the best example of patient empowerment I’ve read. Gainer is realistic about the demands and frustrations of dealing with time-pressed medical staff but gives herself permission to ask for what she wants anyway. Patients need to hear this more than ever now.
Beth Gainer’s personal journey with breast cancer also opens the door to her personal suffering with treatments, revealing just how difficult it can be to undergo chemotherapy and surgery with all the trappings of a complex and often frustrating medical system. Her story is one of triumph.
Calling the Shots in Your Medical Care is both an emotional and captivating read. It is packed with effective strategies for patients to get the best care while maintaining their sanity.
Many of us now have high deductible health insurance plans, which makes us “cash pay” patients until we meet our deductibles. The higher the deductible, the lower the monthly premium. If you have a high deductible and don’t consume much medical care, you are most likely a cash pay patient. You might even avoid medical care because of the out of pocket cost. I know I have.
As health insurance premiums increase each year, so do deductibles. Across the country, rates have increased 20 to 40 percent and up, making it difficult for many of us to afford anything but a high deductible plan. I talked with a friend yesterday who has a $9,000 deductible. She has a torn meniscus. She is avoiding the surgery because she isn’t even close to hitting her plan’s deductible. I suggested she try asking for a “cash pay” price from her surgeon and the hospital or surgery center where her procedure would be performed.
Negotiating cash pay prices for medical treatment has become a common practice. Even if you have health insurance you may want to pay cash. Often a cash pay price for medical care can be less than what you’d have to pay if your health insurance gets involved.
But be aware, cash pay discounts only work if your provider does not submit your bill to your health insurance company.
According to Gerald Kominski, director of the UCLA Center for Health Policy Research, “If your insurance has a high deductible you should always ask for the cash price.”
After my family’s past health insurance company pulled out of the health insurance market at the end of 2015, we went with a Blue Shield plan. Our premium increased $125 a month and the plan covers less. Our deductible is higher. And they deny most medications.
This year, Blue Shield denied a medication I’ve been taking for years. Even after my doctor filed an appeal, they refused, suggesting I try similar medications that are obviously less expensive for them and not what my doctor prescribed.
I decided I was not going to let Blue Shield dictate my treatment if I could help it. I spoke to my pharmacist and asked what the cash pay price would be for the medication without submitting to our health insurance. The quote was too expensive to pay on a monthly basis. So I called a few pharmacies and asked for their cash price for my medication. I took the lowest price back to my pharmacy and asked if they would match it. They agreed.
You too can shop around for cash pay prices and not just for medications, but for other medical services. For example, if you need an MRI, call a few imaging centers and ask for their cash pay price. Be sure you make it clear you do not want it submitted to your health insurance. You can then negotiate with the provider of your choice.
- Offer to pay up front at the time of service in exchange for a discount cash pay price. Medical providers wait long periods to get paid by health insurance companies and some welcome being paid quickly.
- Offer to pay the equivalent in cash to the price your doctor or other healthcare provider might receive from your health insurance company. What many patients don’t know is that health insurance companies don’t pay what doctors or other providers bill. Health insurance companies negotiate a reduced fee so the provider is paid quite a bit less than what is initially invoiced. In anticipation of the reduced payment from health insurance companies, doctors and other medical providers increase the amount of the patient’s bill, according to Medical Billing Associates. Cash pay patients will be charged the same fee unless the patient negotiates a cash pay discount.
- Do not use a credit card as credit card companies tack on a fee, charging the end user a percentage of the bill. Offer to pay in cash, check or cashier’s check. My husband’s anesthesia bill from his surgery was paid by our past health insurance company with a credit card. The anesthesia group tacked on a $45 additional fee for credit card processing onto our bill. I put a stop to that. So can you.
- Go to Healthcare Blue Book, Clear Health Costs or New Choice Health and look up the desired medical service to get an idea of how much local doctors and hospitals charge for what you need. You might find that there are vastly different prices for procedures done in academic medical centers vs. surgery centers etc.
- Negotiate a cash price before you have a medical procedure. Be sure to get the name of the person you negotiated with at the medical provider’s office, and the exact price and date of the discussion.
- Ask about cash pay prices for other providers involved in your surgery or procedure. I’ve found that anesthesiologists are often not covered by health insurance. If you are negotiating a cash price don’t forget to ask to speak to the anesthesiologist too.
- You can negotiate a cash pay price after a procedure or treatment, but it’s easier ahead of time. If you receive medical bills from a hospital, for example, you can still ask for a discount. Try this: “I can pay 30% of the bill now if you will write off the rest.” If they do not agree, they might come back with an alternative reduction you find acceptable.
If you think that negotiating cash pay prices for medical care has an unseemly quality, you might consider how unseemly it is for health insurance companies to raise their rates at the current pace, how they increase the availability of high deductible plans while making lower deductible plans’ premiums unaffordable to most, all the while narrowing your choice of doctors and hospitals on available plans.
The drawback to “cash pay” for medical services is that not submitting your claims doesn’t allow you to meet your deductible. If you anticipate a major medical expense, such as a major surgery or hospital stay, you might consider putting your medical services through your health insurance so your high deductible is met. That way the expense has a good chance of being covered, minus the co-insurance, co-pay, and other deductibles, that is.
Resources for Discounted Medications
- Blink Health https://www.blinkhealth.com
- Good Rx http://www.goodrx.com
- NeedyMeds http://www.needymeds.org
Medical Billing/Dispute Advocates
Medical Billing Advocates of America http://billadvocates.com
Advocates for Arbitration, Lack of Access to Care, Medical Debt, and more.
Patient Advocate Foundation http://www.patientadvocate.org
For more information, please go to www.thetakechargepatient.com
Some say privacy is an illusion. I hope that isn’t true but I do know that our medical records are not safe. Why do I care? Because our medical records contain our social security numbers, health insurance information, our home addresses, phone numbers, emergency contacts and their phone numbers, our email addresses, possibly our driver’s license numbers, and likely credit card payment information if you’ve ever paid your co-pay with a credit card. I know I have.
Your medical record is worth 10 times more to a cyber criminal than your credit card number. And with healthcare’s mandatory transition to electronic medical records, cyber thieves have taken full advantage.
If you think major institutions are immune to cyber attacks, think again. You might recall the cyber attacks on our U.S. government. One in particular compromised personal information on 22.1 million people and 5.6 million fingerprints were stolen.
No doubt you’re aware of the major ransomware attacks on hospitals across the country where cyber criminals seized patients’ electronic medical records and held them for ransom to be paid in Bitcoin. See article here http://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/
According to the Ponemon Institute’s Fifth Annual Study on Medical Identity Theft, 90 percent of healthcare organizations have been hacked, exposing millions of patients’ medical records.
You probably remember the major cyber attacks on the three major health insurers, Blue Cross Blue Shield where over 10 million patients’ medical records were exposed.
According to Modern Healthcare, nearly one in eight patients have had their medical records exposed in breaches in the United States. Since that article was published in 2014, that number has likely doubled.
You might be asking yourself, “What could cyber criminals do with my personal information housed in my medical records?”
Cyber criminals can monetize your personal information to obtain credit cards or loans, to commit tax fraud, send fake bills to insurance providers, acquire government benefits from Medicare and Medicaid, and much more. Your personal information can also be used to purchase healthcare services, prescription medications and medical equipment. It can also be used to obtain your credit report.
The above can also corrupt your medical history with inaccurate diagnoses and treatments.
According to the same Ponemon Institute study, 65 percent of medical theft costs each victim $13,500 to resolve the crime.
This is pretty scary stuff. I’ve heard from friends and colleagues that they can only take in small amounts of information because it’s so frightening and they feel it’s beyond their control.
There is something you can do.
It is up to doctors, hospitals, and other healthcare organizations/companies to secure their electronic medical records, back up hard drives, use secure cloud platforms (if there is such a thing), encrypt emails, update software and more. Many just aren’t doing it.
According to the HIPAA Breach Notification Rule, a hospital or health insurance company that has been the victim of a security breach must inform patients if more than 500 people have been affected. Unfortunately most do not. Patients find out about errors on their Explanation of Benefits (EOBs), in letters from collection agencies, by finding mistakes in their health records or on their credit reports.
As a patient you are at risk. So am I. And we are all patients even if we just see a physician once every year or two. Had a baby? Had a vaccine? Been treated for the flu? All of us are patients and have been since we saw pediatricians as kids.
What You Can Do to Protect Yourself
- Read your Explanation of Benefits (EOBs) that come from your health insurance plan. Call your health insurance company if you do not recognize a charge. Check for total amount covered and amount paid.
- Get copies of your medical records from doctors and review them for errors. Look out for misdiagnoses, incorrect pre-existing conditions, procedures you didn’t have, incorrect treatments, allergies you weren’t treated for, and more. If you have trouble understanding your medical records, ask your doctor or his/her nurse to help you understand the information.
- Monitor your credit reports and billing statements for errors.
- Do not give out your social security number to anyone unless absolutely necessary. Often the last four digits will do.
- If you have your medical records or any personal information on your smart phone, be careful about using public Wi-Fi. If you send or receive an email or browse the internet while using public Wi-Fi, a hacker can eavesdrop on your transmission and gain access to the information on your device.
- Be wary of health apps. Generally, apps are not secure. See article here http://www.martineehrenclou.com/healthcare-data-mining-is-your-patient-privacy-being-breached/
- Be wary of public Wi-Fi. This includes any hospital. If you are a patient or visitor at a hospital, make sure the Wi-Fi is encrypted. If it is encrypted it will require a WPA or WPA2 password. Even if encrypted, think twice about sending any personal information via email or text while you are there.
- Set your laptop or computer to manually select the public Wi-Fi network in the healthcare facility you are in.
- Look for web addresses that begin with https. These are more secure.
- Do not share personal information on file sharing sites. Often they are not secure, according to Becker’s Hospital Review, 10 Ways Patient Data is Shared With Hackers.
1. Keep your firewall turned on.
2. Install and/or update your antivirus software.
3. Keep your operating system up to date.
4. Be careful what you download.
5. Turn off your computer at night.
For more information on cyber attacks, cyber security, data mining and patients’ medical records, see the following:
Rapid Increase of Cyber Attacks http://www.martineehrenclou.com/rapid-increase-of-cyber-attacks-on-patients-medical-records-8-tips-to-protect-your-data/
Patients’ Medical Records hacked at Alarming Rate http://www.martineehrenclou.com/patients-medical-records-hacked-at-alarming-rate-tips-to-protect-yourself/
Healthcare Data Mining: is your privacy being breached? http://www.martineehrenclou.com/healthcare-data-mining-is-your-patient-privacy-being-breached/