A staffer’s increased prosperity might be coming at your expense. Sudden and unexplained personal spending on the part of a staffer can be a warning sign that embezzlement may be taking place, but there’s another and sometimes even more damaging explanation that you should be concerned about – employee patient data theft.

The theft of confidential and legally-protected patient data is on the rise and is already extremely widespread – millions of patient records have been compromised and the costs to the associated practices are many millions of dollars. Some schemes involve employees selling records as “leads” to unethical lawyers or others.

Your controls over patient data are as important as your practice’s financial controls.  Every practice should have well-defined policies with respect to accessing patient data – e.g., inappropriate accessing of patient data is grounds for dismissal.  Practice administrators and physicians should periodically audit how many (and which) patient records employees access – ask your software vendors on how best to generate the necessary reports.  Any device that can be stolen, accessed remotely or have data copied from it is a potential vulnerability.  I recommend every practice conduct a thorough assessment of the risk of patient data theft every year.

About the Author: Joe Capko