BreachExchange mailing list archives
The surprising truth about medical ID thieves
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 11 Oct 2013 22:39:17 -0600
http://www.govhealthit.com/news/surprising-truth-about-medical-id-thieves-EHR-ACA-privacy-security Medical identity theft is up nearly 20 percent in the past year, according to a new study, making it the fastest-growing form of fraud in the United States. The 2013 Survey on Medical Identity Theft, in fact, found that that an estimated 1.84 million people are victims of medical identity theft in the U.S. — costing victims an estimated $12.3 billion. While the extent of medical identity theft is surprising, even more alarming is its major cause: medical identity theft tends to run in families. According to Larry Ponemon, chairman and founder of the Ponemon Institute, the research shows that a large percentage of the supposed identity thefts were actually caused by consumers sharing their personal or medical credentials with friends or family, who then use them to obtain medical services or treatments. Another major cause is family members taking and using the victims’ credentials without consent; in many of these cases, the victims are loathe to report theft by a family member. Almost 60 percent of the medical identity theft reported in the Ponemon study was due to misuse of medical credentials among family members. Lives on the line Medical identity theft costs the consumer. In the Ponemon report, 36 percent of respondents paid an average of $18,860 in out-of-pocket expenses. Among other things, the medical identity thief may leave a string of unpaid medical bills that affect the victim’s financial well-being. If medical examination shows a history of drug abuse, or if a child brought in for treatment by a thief has been a victim of child abuse, the identity theft victim could face criminal prosecution. But the possible medical side effects are far more dangerous. Corrupt medical records can and do lead to mistreatment, misdiagnosis, delay in treatment, or being prescribed the wrong pharmaceuticals. Consider these scenarios: - A patient goes to the hospital with acute appendicitis, but diagnosis is delayed because someone else used his medical identity and gave a medical history that included a prior appendectomy. - An elderly man goes to his local ER for a back injury, and the doctor on call also notices a lymph node infection and prescribes a course of penicillin. The patient vehemently objects, saying that his life-threatening allergy to penicillin should be noted in his medical record. An inquiry reveals that someone had used the man’s medical insurance ID card to obtain services at that hospital and had been prescribed penicillin. - A patient goes to the doctor and is told that she cannot be seen unless she pays in advance for services because she has exceeded the limits of her medical insurance policy. Investigations reveal various medical collections for services that were never paid, including an emergency room visit resulting in an anesthesiology bill and an osteopathy consult, and potential surgery. In fact, 15 percent of the medical identity theft victims surveyed in the Ponemon study experienced a misdiagnosis as a result of the fraud, 12 percent were mistreated as a result of false information in their medical records, 14 percent experience a delay in treatment, and 11 percent were prescribed the wrong pharmaceuticals. Empowering the consumer A recent paper by the Medical Identity Fraud Alliance cites the lack of awareness among professionals and consumers about the crime and its potential dangers. “Few people think of themselves as having a medical identity and thus the idea of someone stealing their medical identity is not even on their radar screen,” the report explained. Individuals need to be made aware that sharing their credentials can endanger their access to medical care and even their lives, and they need to learn how to protect themselves from medical identity fraud. Half of the respondents in the Ponemon study have done nothing to resolve the incident of medical identity theft or fraud, and the study shows that most consumers don’t take even basic measures to protect their medical identities, such as reviewing Explanation of Benefits forms (EOBs) from their health insurance companies. Fifty-six percent of respondents in the Ponemon study do not check their health records and EOBs for inaccuracies because they either don’t know how or said it’s too difficult. It will take individuals, the healthcare industry, and government working together to reduce the risk of medical identity theft. Healthcare organizations and government must improve their authentication procedures to ensure that imposters are not obtaining medical services and products. They must also look for ways to simplify EOBs and to make them more accessible to consumers. (For example, some insurers are using automated online notification of claims and creating portals where customers can review their EOBs and report errors.) Finally, the industry needs to engage in a campaign to educate consumers on the potentially dire consequences of medical identity fraud. Without extreme vigilance, the increased use of electronic health records under the broad umbrella of health reform, including the Affordable Care Act and the HITECH Act, will make it easier than ever to steal medical records. Medical identity fraud is a societal issue that must be addressed at all levels, from individuals to providers to health plans. But the efforts of the Medical Identity Fraud Alliance and the healthcare ecosystem as a whole can help to prevent these dangerous crimes.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- The surprising truth about medical ID thieves Audrey McNeil (Oct 18)