Health care fraud and abuse has been in the national spotlight for years. But now that the Affordable Care Act is coming into play, it’s taking center stage.

The Affordable Care Act gives officials tough tools to crack down on groups and individuals who try to defraud Medicare, Medicaid and other types of insurance plans. These tools include technology that’s being used to spot fraud and suspicious activity before any claims are paid.

The law is also creating partnerships between government agencies and private organizations that are working together to fight fraud and health care abuse. One of the more visible examples of this increased collaboration is the Health Care Fraud Prevention and Enforcement Action Team or “HEAT,” which is a joint effort between the U.S. Department of Health and Human Services and the Department of Justice. 

So where do you fit into this battle against health care fraud? What defense counsel advice could you give your clients in this era of increased enforcement?

Join us at the Fraud & Compliance Forum to find out. Experian will be one of the exhibitors at the conference, which will be held Sept. 30-0ct. 2, in Baltimore, MD. The forum is sponsored by the American Health Lawyers Association (AHLA) and the Health Care Compliance Association (HCCA).  It will feature speakers from the Inspector General’s Office, Department of Justice and Centers for Medicare and Medicaid Services, along with private practitioners.

In addition to discussing increased enforcement, there will also be sessions on some of the following topics:

• 50 Shades of Gray: Strategies for hospital-physician alignment in the light of recent developments
• CIAs: What enhanced Corporate Integrity Obligations tell us about OIG expectations for compliance programs
• Compliance, criminal and civil liability for overpayments
• Strategies for a medical necessity case
• Exit strategies for voluntary disclosures

For more information, call HCCA at 888-580-8373 or visit http://www.healthlawyers.org/Events/Programs/2012/Pages/FC12.aspx

It’s safe to say that healthcare data is/are under attack. Breaches of medical records increased 97% from 2010 to 2011 according to HHS data. Statistics like that lend new urgency and importance to gatherings such as the upcoming HCCA 2012 Compliance Institute.

Be prepared: Does your organization observe security protocols and have controls in place to protect patient health information (PHI)?

Have a response plan ready to deploy: In the event of a data breach, the first thing to do is activate your response plan. In general, this plan spells out in great detail everything from who will lead the response team to step-by-step processes for sending out notifications, customer care and more.

Evaluate your situation post-breach: Once you’ve weathered the storm of a data breach and its consequences, take time to review the ways your organization responded and grade your response plan. This is also the time to make changes, small and substantial, to the response plan and implement any other protections or processes that you feel would improve your readiness and ability to respond in the event of another incident.

Look for Experian at the 2012 Compliance Institute in Las Vegas from April 29 to May 1. It’s a great opportunity to immerse yourself in solutions for preventing and managing data breaches, as well as meet experts who can help your organization be better prepared in the event of an incident.

A recent study by Trend Micro indicates data loss is a growing concern for small businesses. The 2010 Corporate End User Study found that close to 60% of business respondents feared that data loss would be the result of data-stealing malware or by intentional or unintentional data leaks outside the company network.  Even though data loss is a big concern, a majority of the surveyed small businesses indicated that they did not have data loss policies or loss prevention education in place.

The lack of data loss policy creates risk for both the small business and the customer.  As I mentioned earlier, a breach may result in reduced customer trust, lost revenue and substantial costs associated with resolving the crisis.  If a small business has limited cash flows, addressing a breach may be what drives the business to close.

Additionally, new data security and notification legislation has been introduced to Congress. The legislation proposes that all businesses that handle personally identifiable information (PII) be required to implement security policies and procedures to protect this information and provide notice in the event of a data breach.  Businesses that do not comply would face substantial penalties.

Recent news indicates the government’s current interest to levy fines against companies that do not follow current law.  The Indiana attorney general’s office is suing health insurer WellPoint for waiting several months before notifying customers of a data breach.

The best approach to avoid violating these new laws is to be proactive. Get a data breach resolution plan in place…before a breach occurs.

A big fear of business leaders and privacy professionals alike is the accidental breach of customer personally identifiable information (PII) either through the loss or destruction of company property, such as a laptop, by an employee.

However, the 2010 Verizon Data Breach Investigations report points to a different data privacy threat that is farther reaching than that of a laptop left on a plane.  The report indicates that organized crime is responsible for 85% of all stolen data in 2009. Cyber-criminals were able to take advantage of login credentials on nearly 40% of the data stolen to potentially inflict credit or financial damages on individuals. However, the study points to 98% of the ensuing data breaches being avoidable through simple controls that were not in place. Read more about this report on CNET.

Does this study indicate that companies are not doing enough to protect their customer data?  According to a 2009 Ponemon study, 70% of IT professionals in the healthcare field, for example, believe that senior management does not view privacy and data security as a top priority. The study also shows that over 60% of IT professionals surveyed believe they do not have enough resources to ensure data security requirements are met.

All too often security is not discussed until a data breach takes place. A breach may result in reduced customer trust, lost revenue and substantial costs associated with resolving the crisis.  It may be time to start the internal conversation to ensure the right systems are in place to protect customer data…before it’s too late.

Smart phones and other wireless devices are increasingly popular among individual and business users with a 64% year over year market share growth, according to Canalys.  As more business users work remotely and travel the use of wireless devices has become a necessity in the workplace to access data. However, using wireless devices presents new challenges to keep transmitted and stored data secure.

Earlier this year, it was reported that several senior level Washington DC politicians purchased iPads and individually set up their wireless accounts using their service provider’s account verification process.  A security company identified a data security flaw and was able to hack the verification process.  This clever hack resulted in the theft of over 100,000 email addresses and unique numbers associated with the devices purchased.  Affected politicians included White House Chief of Staff, Rahm Emanuel and New York City Mayor, Michael Bloomberg.

Individual email addresses and device serial numbers may not sound significant at first glance.  However, nefarious individuals can leverage this data to guess more relevant information such as provider account number…which is linked to personally identifiable information (PII) of the end user.

Defining wireless device use standards is paramount. Corporate executive leadership must enable the communication between leaders in the Compliance, IT and consumer- facing teams to develop standards for device adoption and for how sensitive data is handled or distributed.  Policies and standards must be in place to help prevent the occurrence of a data breach.

What is your company doing to define wireless device usage and data standards?