Q&A with Cori H. Loomis
Health providers must notify
patients of identity theft breach
Q: The recent news reports that Chinese hackers stole 4.5 million patient names, Social Security numbers, addresses, birthdays and telephone numbers from Community Health Systems, which operates 206 hospitals across the U.S., including 10 in Oklahoma, has highlighted the risks associated with identity theft and its consequences. Will patients whose information was stolen be notified?
A: Yes. Health care providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to notify patients when their protected health information is compromised as a result of a breach. However, HIPAA permits providers as much as 60 days to notify. Therefore, consumers should be proactive in trying to minimize any negative ramifications.
Q: What are the risks to consumers of having their Social Security numbers (SSNs) stolen?
A: A thief can use your SSN to file a tax return to receive your refund. A thief also can use your SSN to apply for and get a job. This results in misreporting of your earnings for tax and Social Security purposes. A thief also may use your SSN to apply for credit, run up bills and then fail to pay them, which then ruins your credit.
Q: What should a person do who knows their SSN has been stolen?
A: The Social Security Administration has a helpful booklet on its website at ssa.gov/pubs/EN-05-10064.pdf. It recommends: reporting the identity theft to the Federal Trade Commission at (877) IDTHEFT or www.idtheft.gov; if you may have tax issues, contact the IRS at irs.gov/uac/Identity-Protection or (800) 908-4490; file an online complaint with the Internet Crime Complaint Center at ic3.gov; and monitor your credit report periodically at annualcreditreport.com. If you have actual evidence that your SSN is being misused, you can apply for a new SSN from the Social Security Administration.
PAULA BURKES, BUSINESS WRITER