By Julie-Karel Elkin

A March 7, 2017 news blurb in TBA Today referenced an article from Michael Wyland dated February 24, 2017 from the Nonprofit Quarterly, which cited an online scam. In that article, Wyland said, “A version of this scam was responsible for the discovery of Democratic National Committee official emails that ended up being published on WikiLeaks.” He noted that computer forensic expert Mark Lanterman said, “In 2016, I was retained by four of the top ten law firms in Minneapolis because they fell victim to a W-2 scam.”

Wyland goes on to say that “the first lines of defense are common sense and strong administrative controls. Your organization’s confidential information is an asset that should be safeguarded by allowing as few people as possible to have access to it. Authorized personnel should be trained on the proper handling of confidential information and encouraged to employ proper security safeguards for both paper and digital records. Before replying to an email requesting confidential information, authorized personnel should confirm who is asking and why. This is especially true when the request has not been encountered before.”

In this fast-paced world, there is no substitute for slowing down for just a moment and engaging your brain. The criminals spend all their time trying to figure out how to remove your data from your secure possession, so whenever someone asks for or demands your data, just stop and think for a moment. Perhaps you should make a phone call or get a supervisor to look at the request and where it came from. Whenever I am asked by a client about requests from credit card companies or banks, I tell them to call the main number. It is a quick and easy way to make sure the person you are talking to is the person you want to be talking to about your sensitive matter.  And if someone calls you for information, do not be afraid to say, “I am going to call you back on the main number.” If that is a problem, you are probably not talking to the right person. I recall a time many years ago that I had a problem with my online banking and received a call a day or two later from a gentleman trying to fix the problem. When he asked me for my PIN (personal identification number), I said, “I am going to call you back on the main number,” and he chuckled a little. I called the main line and was routed back to his office phone. I guess he had a chance to think about what I did, and when he answered the phone, he said, “that was very smart.” I thanked him, and we completed our business.

Remember, you are responsible for the data within your control.  How are you going to handle it?  Are you going to respond to a request or demand for data without really thinking, or are you going to slow down, be “very smart,” and use common sense before you let loose of that data?


Julie-Karel Elkin is an experienced litigator who has worked with some of the nation’s largest insurance companies, independent businesses and personal claims. Focusing in negligence and regulatory claims, torts, contract disputes, mediation and administrative processes, she is uniquely qualified to address all aspects of health data needs. She is the head of Spicer Rudstrom’s Health Data practice in the firm’s Nashville office.