It’s no surprise that medical identity theft is increasing. But the extent to that spike since just last year and the increasing value of medical information to criminals are startling indeed.
“There’s a market for this information and I think it’s fair to say that’s driving this crime,” said Larry Ponemon, chairman and founder of the eponymous Ponemon Institute. Consumers are all-too-rarely aware of medical ID theft in the age of EHRs and, what’s worse, even the victims tend not to report such crimes to law enforcement. Those factors combined with “poor authentication on the part of hospitals and providers creates a perfect storm for fraud.”
The Ponemon Institute’s 2013 Survey on Medical Identity Theft, in fact, found a 20 percent increase over last year’s report.
[Related: Healthcare IT News' Erin McCann delves into Ponemon report's facts and figures.]
Ponemon pointed to the consistent statistic year in and year out that medical ID theft “is not a crime that focuses on the affluent, the wealthy or people of means.” Criminals concentrate, instead, on people covered by Medicare and Medicaid, seniors, people who are vulnerable because of disease, many of whom basically don't have the resources to investigate or fix problems that arise.
That said, Ponemon and Rick Kam, president and co-founder of ID Experts shared three relatively easy steps consumers can take to spot medical ID theft.
- Request a copy of all services your insurance company paid for in the prior year. The most important step is the basic blocking-and-tackling of knowing how to obtain your personal explanation of benefits.
- Review your explanation of benefits. Look for suspicious transactions or inaccuracies and, if you find any, contact your doctor and insurance company to correct them. Kam advised consumers to make sure the insurance company has not paid for any service, prescription or care that you neither received nor authorized.
- Protect your health insurance number. “It turns out,” Kam explained, “that this specific identifier is one of the high-value targets for a medical identify thief or crime rings.” Twenty-eight percent of respondents to Ponemon's survey said that the theft happened as a result of a family member misusing someone's credentials, whether to access care or obtain prescription drugs.
Fighting back at medical ID thieves is not just a one-sided war. Ponemon called on hospitals to practice stronger authentication, even basics such as requiring patients to show photo identification before visits, but he also urged the public to take more responsibility for identifying a likely identity crime.
“The confluence of electronic health records, PHI, the value of those records to organized crime and other bad actors is all coming to a head around medical ID theft and medical fraud,” Kam said. “This is one of, if not the only, areas of security and privacy where it’s actually possible to pose risks to your health. Literally, medical identity theft can kill you if your medical results get compromised or as a result of it you get prescribed the wrong medication or treatment.”
[Think it couldn't happen? Why some providers might be ripe for a medical records heist.]
And to protect those vulnerable medical ID theft victims, a group of nearly 20 organizations — spanning federal agencies including the FBI, Veteran Affairs, as well as technology vendors and healthcare providers — have joined forces to forge the Medical Identity Fraud Alliance (MIFA).
The net of the idea behind MIFA, Kam explained, is for those stakeholders to come together, share resources and best practices, sponsor things like the aforementioned Ponemon study so the industry gains insights into the extent of the problem and, ultimately, direct more efforts toward stopping medical ID theft and fraud.
Related articles:
Q&A: Health org's don't protect patient data for reasons 'going back to the industrial revolution'
Q&A: How a health data spill could be more damaging than what BP did to the Gulf
