您可以通过执行 SSN 验证来检查一个人在美国的社会安全号码 (SSN)。SSN 验证有助于使用社会保障管理局 (SSA) 提供的信息和号码分配方法来识别无效的 SSN。SSN 验证可以对 2011 年 6 月 25 日之前签发的任何 SSN 进行，并确定签发年份和状态，并检查 SSA 死亡指数以帮助检测异常情况。
如果您确实依赖供应商，请相信但要验证检查是否已执行。在 Kroll 报告中，不到一半的受访者 (44%) 不需要供应商提供员工背景调查的证明——这可能会造成安全漏洞。
So, it may come as a surprise that a recent 2012 Kroll Advisory Solutions Report on the health care industry shared that increased compliance standards regarding data security hasn’t necessarily increased the safekeeping of protected information.
In the Kroll Report, 79 percent of survey respondents reported that a security breach was perpetrated by an employee and 18 percent of respondents that experienced a breach in the past 12 months cited third-parties as the root cause.
Lisa Gallagher, senior director of privacy and security for the Healthcare Information and Management Systems Society (HIMSS) stated in the press release on the Report that “Healthcare organizations need to ensure that their business associates are taking every precaution to safeguard this information. We know that most security breaches often are the result of actions taken by employees, so background checks, employee training and continued monitoring of policies and procedures are steps all covered entities should ensure are taken by their business associates.”
What types of background checks should organizations consider performing on employees and contingent workers (e.g., vendors, contractors, consultants, temporary workers, and volunteers) to mitigate the risk of an individual either intentionally or unintentionally perpetrating a data breach?
Here are five background checks that you might want to consider adding to your current screening program:
Validating the identity of an individual is an important component of a background screening program. An individual may provide an invalid social security number or government identification card to hide a criminal history, bad credit, or even illegal immigration status.
You can check a person’s Social Security Number (SSN) in the United States by performing SSN Validation. SSN Validation helps to identify an invalid SSN using an information and number assignment methodology from the Social Security Administration (SSA). SSN Validation can be done on any SSN issued before June 25, 2011, and identifies the year and state of issuance and checks the SSA Death Index to help detect anomalies.
If the individual lives outside the United States, you may be able to authenticate an applicant’s identity information by checking the government issued identification number provided by the applicant against the name associated with that number to determine if it matches the individual’s name.
Criminal History Check
The last thing you want to do is to hire someone who would be likely to intentionally commit a data breach. A criminal history check reviews potential negative criminal history on individuals that may prevent them from working in certain health care positions.
This check performs a search of federal or state courts, as applicable, in the U.S. that typically contain misdemeanor and felony offenses to identify records relating to an applicant.
Health Care Sanction Check and Monitoring
When patient information falls into the hands of a third-party worker with medical sanctions, a health care company may face serious and expensive consequences. Organizations should confirm if an individual has been sanctioned or excluded from participating in federal and state health care programs or the organization may lose the ability to participate in those programs and face fines and other penalties.
A best practice is a health care sanction check searches the Fraud and Abuse Control Information System (FACIS®), a current and historical database of sanctions, exclusions, debarments and disciplinary actions, for information about an individual. And, performing a health care sanction check on an ongoing basis is required in certain states and a best practice in others.
Adult Abuse Registry Check
Seniors and adults with disabilities are considered vulnerable populations, which makes them susceptible to physical and verbal abuse, neglect, and exploitation. Hiring an employee with a history of committing adult abuse may endanger patients.
Some states maintain an adult abuse registry, and prior to hiring an individual, health care organizations can search the state’s adult abuse registry to determine if a caregiver has been placed on a registry for abuse, neglect, exploitation, or misappropriation of a vulnerable adult.Failure by a health care employer to search an adult abuse registry when required may result in civil or criminal charges.
An adult abuse registry check screens applicable state registries for any records of an applicant who has been identified by state adult protective services to have committed adult abuse.
Extended Worker Background Check
Contingent or extended workers include third-party vendors, contractors, consultants, temporary workers, and even volunteers. When an individual has the same access to patients and patient data as employees, it only makes sense for a health care organization to extend its background screening programto its extended workforce.
Even though it can seem simpler and less costly to rely on a third-party vendor’s word about its own employee background screens, the background information may not be current and the screening package may not be as thorough as the ones that health care organizations use.
If you do rely on the vendor, trust but verify that the checks were performed. In the Kroll Report less than half of respondents (44%) don’t require proof of employee background checks from their vendors – which could pose a security gap.