HIPAA Privacy and Security Reminders – Increased Risk and Consequences of Medical Identity Theft
The 2013 Survey on Medical Identity Theft, conducted by the Ponemon Institute and sponsored by the Medical Identity Fraud Alliance (MIFA), finds that the risk of medical identity theft is increasing, as is the seriousness of the medical and financial consequences for the victims. Clearwater Compliance is a Founding Member of MIFA.
What Was the Nature of the Information and How Many Individuals Were Involved?
The survey consisted of 788 adults who self-reported that someone used their name and personal identity to fraudulently receive medical service and/or prescriptions drugs and goods, including attempts to commit fraudulent billing.
What were the key findings from the study?
- The number of medical identity theft victims is increasing. The base rate for medical identity theft for adults increased 19% over one year, suggesting that over 1.8 million adults were victims of medical identity theft in 2013.
- Victims’ lives are at risk. Half of victims are not aware that their health records might be changed, possibly resulting in misdiagnosis, errors in prescriptions, delays in treatment and mistreatment.
- Half of victims did not take steps to protect against future medical identity theft. Only 40% review their Explanation of Benefits (EOBs) more carefully and fewer have reviewed their medical records.
- It can be expensive. Over a third of the respondents paid an average of $18,660 to resolve the consequences of the theft, including identity protection, legal counsel, reimbursements to providers for services provided to imposters, medical services and medications due to lapse in healthcare coverage.
- Other financial consequences included diminished credit score, lost time and productivity in resolution, and financial identity theft.
- More than half of reported crimes resulted from victims sharing their personal identification or medical credentials with someone they knew or were taken by a family member without consent. Other causes included fake email or spoofed websites, data breach by a provider, a rogue healthcare employee, a lost wallet or mailed statement.
- Discovery of the theft resulted from uncovered mistakes in health records or EOBs, errors posted to medical invoices, receipt of a collection letter, adverse entry on credit report, or alerts from health care provider.
Recommendations to protect against medical identity theft?
- Never share medical credentials with anyone
- Monitor credit reports and billing statements
- Periodically check your medical records with your doctor
- Contract with an identity protection provider
- Report crimes to the police
What Resources Are Available to You?
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.