From keeping up with the latest technologies to providing top-notch patient care, there's no doubt that healthcare industry professionals have a lot on their plate these days. But, would you imagine that one of their major concerns has nothing to do directly with patient care? Healthcare practices are spending large amounts of time and money keeping their practices compliant with the latest HIPAA regulations, and working hard to prevent a new trend in crime - medical identity theft. While it may not be making mainstream headlines, according to Javelin Strategy and Research, fraud resulting from exposure of health data has increased 112% year over year, from 3% in 2008 to 7% in 2009. To put this stat in perspective, medical identity theft is regarded as the fastest growing form of identity theft in America today and it is estimated that each year 250,000 to 500,000 people become victims of medical identity theft. Just like identity theft, medical identity theft is the act of stealing medical records or medical information of a patient. Both the medical facility and the patient suffer great losses once they are victimized by this type of crime. Imagine this scenario - when you check your mail one day, you find a giant bill from a hospital emergency room, yet you haven't been to the doctor for anything other than a routine visit in years. So where did this five-figure bill with your name on it come from? The answer -someone stole your information and used it to obtain medical treatment and/or prescription drugs. Unfortunately, medical theft is a growing epidemic and is largely attributable to the large volume of paperwork medical providers are required to keep, in order to maintain 100% HIPAA compliance. Instances of medical identity theft are commonly reported when:

• Patients' records are accidentally faxed or mailed to the wrong person

• Medical records are stolen and misused after being disposed of improperly

• Laptops containing confidential information or medical records are lost or stolen

• Medical files left unattended in file rooms, on staff desks and in door folders; or unrestricted physical access to sensitive medical files.

While these security breaches might sound relatively innocuous, they are a huge concern. Not only does the medical facility face damage to their reputation and restitution fees, but also HIPAA has enacted legislation over the last year that makes such breaches very expensive - and on a punitive scale. Even worse, the victim may not realize the crime has occurred immediately due to lags in billing cycles so the theft is larger and potentially more costly. As if these scenarios aren't nightmarish enough, add the fact that someone's medical records could be tampered with, leading to improper medical care or misdiagnosis. With these costs to both victims and facilities in mind, preventing medical identity theft must be a high priority for medical facilities. It's especially critical for smaller practices to take precautionary measures because they may have fewer internal protocols to protect patients...and shallower pockets to weather such an event. Ways to reduce medical identity theft include:

• Developing stringent and enforceable policies regulating access to sensitive patient information, as well as the protocols for authorization and authentication of individuals accessing health information.

• Designating an annual budget for security management systems

• Training employees on current HIPAA legislation and ensuring it is followed

• Destroying sensitive documents in a timely manner

• Partner with a document destruction specialist to audit your operations to help your organization identify gaps in security.

These preventative measures are a great starting point towards safeguarding sensitive information, but implementing some (or all) of them may not be feasible. For example, staying abreast of HIPAA legislation and what it means to be compliant is an ever-changing target. Over the last 18 months, new legislation has been passed that protects the patient- and places a greater burden of compliance on the practice. One way medical practices can lighten the load of compliance and reduce the risk of identity theft is to destroy these copious amounts of confidential patient paperwork. Simply put, sound document destruction practices play a large role in protecting patients' privacy. Properly destroying paperwork that can't be reconstructed often requires professional-grade equipment plus a secure shredding environment. Professional document destruction services can offer these security redundancies plus screened employees who are trained in the latest updates to compliance legislation. To be clear, not all document shredding services adhere to such rigorous standards so it's critical to research such a provider. Once such a quality shredding provider is inserted the document destruction process of a hospital or medical practice, the facility can expect to reduce its exposure to medical identity theft. This shift in thinking and operations does more than protect the medical facility - it protects the patients.