For day 2 of Global Security Week I want to highlight the growing problem of medical identity theft…
Over the past few years, the numbers of people in the U.S. who are having a hard time getting health care has grown astronomically. The answer for many who are desperate, and many who see this as an opportunity, has been to take and use the identities, and health coverage, of others. This, as a very simplistic description, is medical identity theft.
Medical identity theft is on the rise:
- The medical identities of 250,000 to 500,000 people are stolen each year.
- Thieves can sell identities for $5 to $50 per name.
Not only can medical identity theft impact the victims’ credit reports, potentially take money from their bank accounts and have other financial impacts, it can also cause dangerous changes in the victims’ medical records.
It has always been a concern of mine, and many others, that lack of security controls within computer systems, over physical files and docuuments, and lack of privacy protections can have real, physical impact upon people. For example…
- Consider how some small modifications to the hospital databases for the amounts of medicine to administer to the patients could have insidious widespread and lethal impacts.
- Having medical files modified and/or falsified by unauthorized persons, can then result in the real persons receiving the wrong, potentially fatal, medical treatment based upon the modifications in the records.
- Changes to insurance billing codes can impact care that is approved or not approved to be covered by your insurance.
- Someone else using your insurance can result in your insurance caps being maxed out, leaving you with no insurance coverage when you need it.
- Changes to your medical files can even give you problems with getting employment, insurance and even problems with law enforcement if someone else’s drug problems or abuses are put into your medical files.
- And many more possibilities…
Medical identity theft happens more often than you may remember seeing it talked about in the news. For example, in April 2008 at the New York Presbyterian Hospital a patient admission representative accessed 49,841 patient records through the patient registration system to which he had authorized access, and then sold the records to people he reportedly knew were going to commit crimes using the information, including medical identity theft, financial identity theft and fraud.
Just a few days ago there was a very interesting interview posted on the WorldHealthcareBlog about medical identity theft; “Is that patient who he claims to be?”
Here are a few places where you can find more information about medical identity theft:
- American Health Information Community (AHIC) testimony on electronic trust architectures and patient identity proofing
- Electronic Health Records and the National Health Information Network: Patient Choice, Privacy, and Security in Digitized Environments. Testimony before the National Committee on Vital and Health Statistics (NCVHS)
- FTC consumer information about medical identity theft
- MSNBC News Report on Medical Identity Theft: “More doctors, insurers asking, ‘Who are you?‘”
- WebMD Medical Identity Theft report: “The Scary Truth About Medical Identity Theft“
- Why Many PHRs Threaten Your Privacy.
- World Privacy Forum information: Medical ID Theft: The Information Crime that Can Kill You. The medical identity theft report and FAQ for victims.