Q&A with Cori H. Loomis
Health providers must notify
patients of identity theft breach
Q: The recent news reports that Chinese hackers stole 4.5 million patient names, Social Security numbers, addresses, birthdays and telephone numbers from Community Health Systems, which operates 206 hospitals across the U.S., including 10 in Oklahoma, has highlighted the risks associated with identity theft and its consequences. Will patients whose information was stolen be notified?
A: Yes. Health care providers are required by the Health Insurance Portability and Accountability Act (HIPAA) to notify patients when their protected health information is compromised as a result of a breach. However, HIPAA permits providers as much as 60 days to notify. Therefore, consumers should be proactive in trying to minimize any negative ramifications.
Q: What are the risks to consumers of having their Social Security numbers (SSNs) stolen?
Continue reading this story on the...