Healthcare fraud is costing American taxpayers up to $234 billion annually, based on estimates from the FBI. It’s no wonder that a stolen medical identity has a $50 street value, according to the World Privacy Forum – whereas a stolen social security number, on the other hand, only sells for $1.
One form of healthcare fraud, known as medical identity theft, has its own staggering statistics: 1.42 million Americans were victims of medical identity theft in 2010, according to a 2011 study on patient data privacy and security by the Ponemon Institute. The report estimates the annual economic impact of medical identity theft to be $30.9 billion.
[See also: How politics distort Americans' perception of health reform.]
Medical identity theft occurs when a person uses someone else’s medical record to obtain medical goods or services or to bill for medical goods and services that the patient did not receive. Thieves will also use a person’s social security number to obtain medical services or health insurance.
The harm medical identity theft causes patients With its serious health risks, medical identity theft is far more dangerous than the more well-known consumer or financial identity theft. When a victim’s records are merged with a thief using the same identity, for instance, that record becomes “polluted,” and the victim may be denied treatment or be misdiagnosed based on this inaccurate information. In addition, patients may be denied life insurance or billed for services not rendered. A few real-world examples illustrate the dangers:
Data breaches — A major source of medical I.D. theft Whether caused by theft, loss, human error, or hacking, data breaches put patient data at risk for medical identity theft. The number of healthcare data breaches has risen dramatically, increasing the likelihood for medical identity theft; in 2011, more than 18 million patients were listed on the HHS’ “Wall of Shame” as having their protected health information (PHI) breached. Tighter privacy laws, increased scrutiny from the HHS’ Office for Civil Rights (OCR), and the potential for costly fines make medical identity theft a problem for all healthcare organizations.
[Q&A: How a health 'data spill' could be more damaging than what BP did to the Gulf.]
Three tips for protecting patient data Preparation is the best defense for mitigating the chances of a data breach and the costly consequences of medical identity theft. To start preparing now, we recommend that healthcare organizations:
With its combined financial and health risks, medical identity theft has greater consequences for victims than more traditional forms of identity theft. Healthcare organizations, therefore, have a greater obligation to step up their privacy and security efforts to safeguard their patients’ health information. Protecting a patient’s physical – and financial – well being is, after all, the best form of caring.
Rick Kam, CIPP, is president and co-founder of ID Experts. Rick is also chairing the “PHI Project,” a seminal research effort to measure financial risk and implications of data breach in healthcare, led by the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with the Shared Assessments Program and the Internet Security Alliance (ISA).
Christine Arevalo is director of healthcare identity management and a founding employee of ID Experts. She has experience managing risk assessments, complex crisis communication strategies, and data breach response for healthcare organizations. Source: Government HIT http://www.govhealthit.com/news/glimpse-inside-234-billion-world-medical-id-theft
201 East Main Street, Suite 810Lexington Kentucky 40507
JoinBenefitsLearn More
About UsTerms of Use