The surprising truth about medical ID thieves

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.govhealthit.com/news/surprising-truth-about-medical-id-thieves-EHR-ACA-privacy-security

Medical identity theft is up nearly 20 percent in the past year, according
to a new study, making it the fastest-growing form of fraud in the United
States.

The 2013 Survey on Medical Identity Theft, in fact, found that that an
estimated 1.84 million people are victims of medical identity theft in the
U.S. — costing victims an estimated $12.3 billion. While the extent of
medical identity theft is surprising, even more alarming is its major
cause: medical identity theft tends to run in families.

According to Larry Ponemon, chairman and founder of the Ponemon Institute,
the research shows that a large percentage of the supposed identity thefts
were actually caused by consumers sharing their personal or medical
credentials with friends or family, who then use them to obtain medical
services or treatments. Another major cause is family members taking and
using the victims’ credentials without consent; in many of these cases, the
victims are loathe to report theft by a family member. Almost 60 percent of
the medical identity theft reported in the Ponemon study was due to misuse
of medical credentials among family members.

Lives on the line
Medical identity theft costs the consumer. In the Ponemon report, 36
percent of respondents paid an average of $18,860 in out-of-pocket
expenses. Among other things, the medical identity thief may leave a string
of unpaid medical bills that affect the victim’s financial well-being. If
medical examination shows a history of drug abuse, or if a child brought in
for treatment by a thief has been a victim of child abuse, the identity
theft victim could face criminal prosecution. But the possible medical side
effects are far more dangerous.

Corrupt medical records can and do lead to mistreatment, misdiagnosis,
delay in treatment, or being prescribed the wrong pharmaceuticals. Consider
these scenarios:

- A patient goes to the hospital with acute appendicitis, but diagnosis is
delayed because someone else used his medical identity and gave a medical
history that included a prior appendectomy.
- An elderly man goes to his local ER for a back injury, and the doctor on
call also notices a lymph node infection and prescribes a course of
penicillin. The patient vehemently objects, saying that his
life-threatening allergy to penicillin should be noted in his medical
record. An inquiry reveals that someone had used the man’s medical
insurance ID card to obtain services at that hospital and had been
prescribed penicillin.
- A patient goes to the doctor and is told that she cannot be seen unless
she pays in advance for services because she has exceeded the limits of her
medical insurance policy. Investigations reveal various medical collections
for services that were never paid, including an emergency room visit
resulting in an anesthesiology bill and an osteopathy consult, and
potential surgery.

In fact, 15 percent of the medical identity theft victims surveyed in the
Ponemon study experienced a misdiagnosis as a result of the fraud, 12
percent were mistreated as a result of false information in their medical
records, 14 percent experience a delay in treatment, and 11 percent were
prescribed the wrong pharmaceuticals.

Empowering the consumer
A recent paper by the Medical Identity Fraud Alliance cites the lack of
awareness among professionals and consumers about the crime and its
potential dangers.

“Few people think of themselves as having a medical identity and thus the
idea of someone stealing their medical identity is not even on their radar
screen,” the report explained. Individuals need to be made aware that
sharing their credentials can endanger their access to medical care and
even their lives, and they need to learn how to protect themselves from
medical identity fraud. Half of the respondents in the Ponemon study have
done nothing to resolve the incident of medical identity theft or fraud,
and the study shows that most consumers don’t take even basic measures to
protect their medical identities, such as reviewing Explanation of Benefits
forms (EOBs) from their health insurance companies. Fifty-six percent of
respondents in the Ponemon study do not check their health records and EOBs
for inaccuracies because they either don’t know how or said it’s too
difficult.

It will take individuals, the healthcare industry, and government working
together to reduce the risk of medical identity theft. Healthcare
organizations and government must improve their authentication procedures
to ensure that imposters are not obtaining medical services and products.
They must also look for ways to simplify EOBs and to make them more
accessible to consumers. (For example, some insurers are using automated
online notification of claims and creating portals where customers can
review their EOBs and report errors.) Finally, the industry needs to engage
in a campaign to educate consumers on the potentially dire consequences of
medical identity fraud.

Without extreme vigilance, the increased use of electronic health records
under the broad umbrella of health reform, including the Affordable Care
Act and the HITECH Act, will make it easier than ever to steal medical
records. Medical identity fraud is a societal issue that must be addressed
at all levels, from individuals to providers to health plans. But the
efforts of the Medical Identity Fraud Alliance and the healthcare ecosystem
as a whole can help to prevent these dangerous crimes.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.