Someone asked me (unbelievably!!) “…what’s the big deal about disclosing someone’s Protected Health Information (PHI)?”  After coming down off the “surprise” ceiling, I first responded with “Hellllloooooo!!”, followed by “Duuuhhhh!”, followed by a brief discussion about Medical Identity Theft.  Just last week, a federal judge in Birmingham sentenced a Pleasant Grove man to six years in prison for his part in a prescription fraud scheme that started with the theft of PHI.  Of course, I could have discussed lost job opportunity, lost business opportunity, denial of medical benefits, discrimination, etc, etc.  I stuck with Medical Identity Theft…

Medical Identity Theft is a criminal act that occurs when a person uses someone else’s personal information, such as name and insurance card number, without that individual’s knowledge to obtain or make false claims for medical services or goods. Unlike financial identity theft, medical identity theft can harm its victims by creating false entries in their medical records at hospitals, doctors’ offices, insurance companies, and pharmacies. These false changes made to victims’ medical files and histories can remain on record for years without discovery or correction.

Medical identity theft can result in victims receiving inappropriate medical treatment, including potentially harmful medication, in the exhaustion of their health insurance benefits, and subsequently in the loss of both life and health insurance coverage. Victims can even fail screening exams for employment due to the presence of diseases and other conditions in their health records that are not theirs but rather belong to the individuals who stole the identities.

To compound the problem, health care systems are increasingly moving away from paper-based charts to computer-based or electronic medical records (EMR/EHR). This may make it more difficult to recover from medical identity theft as these incorrect medical entries and/or fictitious medical records are transmitted and stored for legitimate reasons throughout the computerized patient record networks of various providers, payers, and others involved in health care. Of course, the financial consequences of this crime remain the same as financial identity theft: serious blemishes on credit reports, unpaid bills, harassing phone calls from collections agencies, etc.  You’ve seen those ads.

If you create, receive, maintain or transmit PHI, safeguard it as if it were your own.

The complete HIPAA Privacy and Security regulations are here.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.