october 18, 2005 robert s. brown uw medical center identity theft so, what you gonna do about it?
TRANSCRIPT
![Page 1: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/1.jpg)
October 18, 2005Robert S. Brown
UW Medical Center
Identity Theft
So, what you gonna do about it?
![Page 2: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/2.jpg)
The Law
RCW 9.35.020: No person may knowingly obtain, possess, use, or transfer a means of identification or financial information of another person, living or dead, with the intent to commit, or to aid or abet, any crime.
![Page 3: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/3.jpg)
The Costs
$53 Billion per year nationwide Loss of good will = loss of business?
![Page 4: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/4.jpg)
The Methods
Phishing has replaced dumpster diving Other methods include:
– Shoulder Surfing– Skimming (data device on an ATM)– Social Engineering (think Mission: Impossible)– Mail Theft (old fashioned but it works)– Retail Theft (stealing, hacking, conning, bribing)– Plus a zillion other ways your data gets stolen
![Page 5: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/5.jpg)
Two likely scenarios at UWMC
1. Care Recipient is an identity thief
2. Inside job (or hacker)
![Page 6: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/6.jpg)
Care Recipient is an identity thief
Duty to notify the victim– Do not share PHI unless permitted by law
RCW 70.02.050 HIPAA
– Consider notifying law enforcement– Share handout explaining what you will do, what
they can do (e.g. FTC’s excellent white paper)– http://www.consumer.gov/idtheft/
![Page 7: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/7.jpg)
Care Recipient is an identity thief
Need to mitigate the damage– Amend medical records– Notify internal departments– Promptly investigate & notify the victim of your
findings and actions taken to fix
![Page 8: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/8.jpg)
Employee is the Identity Thief
Investigation policy?– Who is on point?– Who should you alert?– How will you summarize at conclusion?
Sanction policy?– Does it explicitly address ID theft?– Will the penalties meet the Seattle Times test?
![Page 9: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/9.jpg)
Summary
Review the laws:– RCW 9.35– HIPAA– RCW 70.02.050
![Page 10: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/10.jpg)
Summary
Be proactive in protecting data Be diligent about investigating Create policies now
![Page 11: October 18, 2005 Robert S. Brown UW Medical Center Identity Theft So, what you gonna do about it?](https://reader036.vdocument.in/reader036/viewer/2022083008/56649ea15503460f94ba4a15/html5/thumbnails/11.jpg)
UW Medical Center
Rob Brown, Assistant Director of Compliance206.598.4342 [email protected]
Ellen Rubin, RN, Privacy Officer206.598.5701 [email protected]