Protected Health Information (PHI) is defined as personally identifiable health information collected from an individual, and covered under one of the state, federal, or international data breach disclosure laws for the healthcare industry.
PHI includes, but is not limited to, patient family history, demographic data, insurance information, medications, and DOB, right down to a patient’s dental x-rays. Starting with that, bad actors can build enough information to completely steal a patient’s identity and commit:
Account Takeover Fraud
Government Benefits Fraud
IRS Tax Refund Fraud
New Account Fraud
Senior Citizen Scams
And Many Other Scams, Crimes, And Cons
The 1996 Health Insurance Portability and Accountability Act (HIPAA) grants patients broad privacy rights, as well as the right to examine their own medical records. But patients don't necessarily have the right to correct errors or even prevent errors from being passed along to other providers. That's because health care providers aren't required to amend records that did not originate with them. Victims can spend years expunging bad entries only to discover a mistake that reappears later -- transferred from a record that wasn't noticed earlier.
Doctors are understandably reluctant to expunge any medical information from a file, because it could expose them to liability. For example, if a physician prescribed OxyContin for severe back pain to an imposter, and the back pain was not in the Ginicoe authenticated member’s patient record, officials could question the reason for the prescription, which would still be on file at the pharmacy.
Ginicoe can help! We expand beyond Knowledge Based Assessment (KBA) questions. We provide autonomous and semi-autonomous agent products to you for
Biometric facial recognition (BFR) is deployed for all your digital and non-digital patients to health care agent types - that includes every covered entity, all 5,627 registered U.S. hospitals, Doctor Offices, dentist offices, Nursing and residential care facilities, neighborhood vans, buses, and RVs, mobile phone healthcare, scheduling admins, ambulatory healthcare services, health insurance organizations, claims processors, billing services, social assistance, benefits managers, medical devices, and courier services that handle PHI without acting as medical care providers, VA Hospital, medical technician, health care administrator, and pharmacist.
THE COSTS OF FRAUD
Healthcare data breach costs lead the United States as the highest type of data breach. It represents 27 percent (27%) of all data breaches. Healthcare data breaches cost $408 per capita. U.S. healthcare data breaches cost more than 2.5 times the global average overall cost at $148 per record. Also, within healthcare, the per capita cost has increased by $11 compared to the four-year average of $369.
U.S. companies reported paying over $690,000 on average for notification costs related to a breach - which is more than double the amount of any other country.
The National HealthCare Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year.
Financial losses caused by health care fraud are only part of the story. Health care fraud has a human face. Individual victims of health care fraud are everywhere. These are people that Ginicoe cares about who are exploited and subjected to unnecessary or unsafe medical procedures. Or whose medical records are compromised or whose legitimate insurance information is used to submit falsified claims.
If you are just starting out to protect yourself from fraud or if you are researching how you can plug up the holes in your existing layers – Ginicoe’s Identity verification will help you prevent:
A. Insider threats against internal channels, a huge challenge for healthcare providers.
B. External channels, partner and collusion channels also represent how wide the threat surface is for stolen PHI.
Our findings show that healthcare providers that layer solutions by identity verification and agent type experience fewer issues and lower the cost of fraud with improved risk management tolerance levels.
They experience fewer false ID theft complaints.
There are fewer manual reviews required.
The cost of fraud is less.
There is improved HIPAA, HITECH, HHS, VA, AOD, and related compliance.
There is increased focus on treating the correct patient with the correct ailments.
There is significant increase in shareholder value.
There is significant increase of patient, shareholder, and employee retention.
There is reduced internal fraud and churn.
There are reduced errors & bureaucracy due to patient’s opt-in with our National sharing dBase of PII across groups, divisions, business units, government ACA single payer, and approved covered entities.
There is reduced malpractice exposure due to fraud.
There is reduced reputational damage.
There are reduced operational costs.
Our Biometric Facial software suite works as a multi-layered gatekeeper with our patented advanced identity verification, identity authentication, and fraud transaction risk assessment.
Identity verification / authentication is important for “letting your customers in” with the least amount of friction and risk. Transaction-related fraud is about keeping the “bad guys out”.
Our autonomous and semi-autonomous products empower you to view all customer faces, randomly select customer faces, or view no customer faces at all, dependent upon your local healthcare policy. We are agile and keep you the healthcare professional as our highest priority to satisfy you, dependent upon your specific use case, through early and continuous delivery of our patented suite of identity verification tools. Ginicoe’s patented layered approach solves this for you.
Our patented solution will increase your customer trust and loyalty plus increase your revenue plus grow your market share all while reducing your fraud costs and risk threshold. This is why we are distinguishable.
PRICING FACIAL BIOMETRICS
IN YOUR DIGITAL and NON-DIGITAL CHANNEL
ELITE - Internal Fraud
One type of internal healthcare fraud is accidents or mistakes, which encompass unintentional employee actions, third-party snafus, and stolen computing devices. The second type of internal healthcare fraud is malicious actions whose unilateral intention is to cause harm to your organization, encompassing employees who are bored, depressed, frustrated or angry due to a circumstance where they believe they were not treated fairly.
These two types of internal fraud account for the lion’s share of health care related data breaches. In fact, 36 percent of healthcare organizations and 55 percent of all others that handle PHI without acting as medical care providers named accidental employee actions as a breach cause.
Whether caused by human error, employee misuse, or malicious intent, the healthcare industry is its own worst enemy when it comes to data breaches, and is nearly seven times (7x) more likely to experience a casual error or mishap than any other industry.
Ginicoe can help. We will not protect your computers, but we will augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII when that data breach occurs.
If you are on this list, or your business model or products are similar, you should contact us.
Acute care surgery
Moda Health Plan
Barnes-Jewish Hospital (St. Louis)
Brigham and Women's Hospital (Boston)
Carolinas Healthcare System
Cedars-Sinai Medical Center (Los Angeles)
Defense Health Agency
Department of Labor
Diagnostic Sleep Studies
Duke University Hospital (Durham, N.C.)
Federal Employees Health Benefits
Hospitals of the University of Pennsylvania
Hospital Special Surgery
Humble Surgical Hospital
Los Angeles Hospital
Massachusetts General Hospital (Boston)
Mayo Clinic Hospital (Phoenix)
Medicare Part D
Metro Health Center
Michigan Medicine (Ann Arbor)
New York Presbyterian Hospital (New York City)
NYU Langone Hospital (NYC)
Northwestern Memorial Hospital (Chicago)
Obstetrics and Gynecology
Office of Worker's Compensation
Optimum Health Care
Pacific Alliance Medical Center
Pain Care Clinic
San Francisco General Hospital
Skilled Nursing and Rehabilitation Therapy
Smidt Heart Institute at Cedars-Sinai
Stanford (California) Hospital
The Johns Hopkins Hospital (Baltimore)
The Mount Sinai Hospital (New York)
Penn Presbyterian (Philadelphia)
UCLA Medical Center (Los Angeles)
UCSF Medical Center (San Francisco)
UnitedHealth Medicare Advantage
UPMC Presbyterian Shadyside (Pittsburgh)
Vanderbilt University Medical Center (Nashville, TN)
Weill Cornell Medical Center (NYC)
PLUS - External Fraud -
The bad guys may use ransomware, email phishing attacks, user error, social engineering, malware, key loggers, faxes by email, Internet of Things (IoT), shoulder surfing, social media, persuasion/coercion, reverse social engineering, dumpster diving, phone based attacks, sexual solicitation, amber alerts, charity solicitations, false news articles, fake Facebook groups, fake login screens, please send money, open roof doors, rogue access points, or any combination of these and others that our healthcare associates are well versed on. Nevertheless, they ALL lead to the same objective: They want your patient’s PHI & PII sensitive information including medical diagnosis, names, date of birth, medical record numbers and social security numbers. Ginicoe can augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII.
If you are on this list, or you have 3rd party relationships or your products are similar with those listed below, then you should contact us.
Advanced Data Systems
Allscripts Healthcare Solution, Inc.
Ambient Clinical Analytics
Avec Health Solutions
Axial Exchange Inc.
College Park, Inc.
Computer Programs & Systems, Inc.
Conifer Health Solutions
Epic Systems Corp
G Medical Innovations
Global Supply Chain
Greenway Health LLC
i2i Population Health
Medical HealthCare Solutions
Merge HealthCare Inc.
Newport Credentialing Solutions
ONLYX Healthcare U.S.A., Inc.
Otto Bock HealthCare
Practice Fusion, Inc.
Quality Systems, Inc.
Scribe Technology Solutions, Inc.
Self Care Catalysts
Sensogram Technologies, Inc.
TCS Healthcare Technologies
Waldemar Link GmbH & Co. KG
STANDARD – 3rd Party Partners & Health Plan Exposure –
The nature of patient interaction with these 3rd Party partner relationships and the potential impact the relationship has on your healthcare covered entity creates a large threat surface where you are responsible. The 3rd party is not subject to specific laws and regulations regarding HIPAA, HITECH, COPPA, etc., yet independent practices rely on them for much needed resources and expertise. One such use case is a third party HVAC central station that ties into your network via the IoT, yet may leave your PHI & PII exposed through a backdoor. Unlike you, they may not be publicly traded, and thus their low security standards place you on the hook in the event of a data breach exposing patient’s sensitive information. The same may hold true on reliance of subcontractors and countless other 3rd party partners, HMOs, health plans, and similarly situated entities with low to zero security preventive solutions. Ginicoe can augment your existing security approach and serve as an additional preventive layer to protect your patient’s PHI & PII.
If you are on this list, or your business model or products are similar, you should contact us.
Blue Cross Blue Shield
Blue Shield of California
Care First
Centene Corporation
Health Care Service Corporation (HCSC)
Independence Blue Cross
Kaiser Permanente
Medigap
NoMoreClipboard
United HealthCare
ESSENTIAL - Collusion Exposure –
The difference between collusion and an insider threat is that in collusion at least two people have knowledge of the bad act, and typically one is an insider and the other is an outsider external to the covered entity. In other words, it is not a unilateral bad act as in the case of internal fraud, nor is it an accidental mishap.
An insider within a radiology department of a hospital accessed patient records for the purposes of committing credit card fraud. He used a co-worker’s unlocked workstations to look up information whenever they stepped away. He then colluded with a former employee to apply for credit cards in patient names.
If your HR department has churn, and especially high churn, or your procurement department outsources at least one service or product to 3rd party partners, you should contact us if you wish to protect your covered entity regarding:
Every employee
Every former employee
Every 3rd party partner
Every former 3rd party partner
Every contractor or subcontractor
Every former contractor or subcontractor
Autonomous Agents - Merchant agent networks may be considered to be implementations of machine learning systems, spiders, crawlers, bots, artificial neural networks, perceptions, or Bayesian reasoning networks. Because these agents can exhibit the functional architectures and behaviors of autonomous machine learning mechanisms, they are goal based and self-contained. These agents may be backward looking, as in the case of neural networks where the machine is trained on customers’ past behaviors, or they may be forward looking, as in the case of branch predictions and artificial intelligence (AI). This typically occurs in a digital channel often supplemented with an external webcam, mobile phone camera, IP camera, kiosk camera, or similar image receiving mechanism. As described below, the distinction between autonomous and semi-autonomous is entirely dependent upon the user’s security policies.
Semi-Autonomous Agents – Simply put, this merchant agent performs with all of the attributes of an autonomous agent, with the exception of persistent notification to a user. In other words, it is not self-contained. It may be appreciated that a semi-autonomous agent may behave on each and every customer at one extreme, or on some random number of customers or other attributes, such as geographic, demographic, etc., at the other extreme. This is dependent upon the user’s security policies, labor intensity, peak traffic times, regulatory compliance factors, budgeting constraints, customer acceptance, and any number of countless other factors. For example, ATMs were mainstreamed in the 1980s as a replacement for tellers, yet 30 years later, tellers are still with us because customers still prefer some degree of human interaction. Semi-autonomous agents typically occur in a non-digital channel such as a patient walk-in, yet may also perform in a digital channel, such as a patient walk-in that interacts with their remote primary physician via a webcam, iPad camera, etc., or the inverse, where the physician is at work and the patient is remote and bedridden at home. In either use case, machine and humans are interacting to secure patient data to render a result.
WHY GINICOE IS BETTER
In taking a multi-layered security defense in depth approach, we augment your existing security approach with multi-factor authentication (MFA) and two factor authentication (2FA). We meet and then exceed basic regulatory compliance found in HIPAA, HITECH, COPPA, enforced by Centers for Medicare & Medicaid Services (CMS), Office of the National Coordinator for Health Information Technology (ONC), US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and the Health Care Fraud Unit and Strike Force (HCF). Furthermore, we make ourselves available to indirect partners such as the FDA, HICPAC, CDC, and others. Our patented products protect you from lawsuits on so many different levels e.g. breach notification requirements, class actions, patent inducement claims, privacy protections, reputational damage control, increased market share, increased shareholder value, and so much more.
Joe Ryan got a collection notice from a billing agency for Littleton Adventist Hospital near Denver, Colorado. The hospital wanted payment for surgery totaling $41,188. Ryan, a Vail pilot, had never set foot in that hospital. Obviously there was some mistake. "I thought it was a joke," says Ryan. But when he called the billing agency, nobody laughed. Someone named Joe Ryan, using Ryan's Social Security number, had indeed been admitted for surgery. A busy man, Ryan was trying to get his new sightseeing business, Rocky Mountain Biplane Adventures, off the ground. He figured clearing this up would take just a few phone calls. Two years later, Ryan continues to suffer from the damage to his credit rating and still doesn't know if his medical record has been cleared of erroneous information. "I'm desperately trying not to go bankrupt," he says.
This is an example of medical identity theft
Aspire Health, a Nashville-based in-home healthcare provider, founded in 2013 by former Sen. Bill Frist and current CEO Brad Smith, was hacked Sept. 3 as a result of a phishing attack and “lost” some protected health information (PHI), according to a report by the Tennessean.com. Aspire Health learned one of its employees was the victim of an international phishing attack. Aspire is now working through the legal process to determine if any Aspire information was ultimately accessed by a third-party. In the court records filed, Aspire has said it has tried to identify the hacker but so far has been unable to do so. The phishing attack originated from a website with an IP address in Eastern Europe for which Google is the registrar.
This is an example of External Threat
Vanessa works as a registration clerk in a hospital’s emergency room. She is committed to helping patients and the hospital but often feels overwhelmed at the volume of work and information she deals with daily. One day, Vanessa receives a call from a lawyer she knows has volunteered his services at the hospital previously. He explains that if she can supply him a list of patients with specific injuries on specific dates, that he can assist these patients and the hospital with his legal services. Vanessa thinks she is doing nothing wrong, especially since she’s giving the information to a lawyer who has volunteered at the hospital before and who knows many of the executives there. She gives him the data on a weekly basis via copies of printed patient data.
This is an example of social engineering
A front desk coordinator at a medical clinic stole PII of more than 1000 patients, which contributed to over $2.8 million in fraudulent Medicare claims. She colluded with an outsider who operated a medical claims service. She printed out over 1000 records. Controls to limit the number of records that could be viewed were in place; however, checks and balances or the absence of multi-layered security failed to notice the limit was exceeded regularly.
This is an example of Collusion