Medical Identity Theft Is Up, Affecting 1.84 Million U.S. Victims: Report

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.healthcare-informatics.com/article/medical-identity-theft-affecting-184-million-us-victims-report

Medical identity fraud has increased nearly 20 percent compared to the
year before in the U.S., affecting an estimated 1.84 victims and
having a total out-of-pocket medical costs incurred by medical
identity theft victims to be $12.3 billion. Those are takeaways of the
2013 Survey on Medical Identity Theft, an annual survey now in its
fourth year, which released yesterday by the Ponemon Institute LLC,
Traverse City, Mich., and sponsored by Portland, Ore.-base ID Experts.
The report’s release roughly coincided with the launch (on August 29)
of the Medical Identity Fraud Alliance (MIFA), an industry group
formed to raise public awareness of the issue and to come up with
potential ways to address the medical identity theft issue.

(For the purposes of the study, medical identity theft occurs when
someone uses an individual’s name and personal identity to
fraudulently receive medical services, goods, or prescription drugs,
including attempts to commit fraudulent billing.  The survey results
were based on responses of 788 adults who reported that they or close
family members were victims of medical theft. The number of new cases
over the past year is estimated at 313,000; the increase of the base
rate of identity theft victims climbed from 0.68 percent to 0.82
percent, which represents a 19-percent increase in incidents over one
year.)

In speaking of this year’s findings, Larry Ponemon, Ph.D., chairman
and founder of the research group, says that medical identity theft is
having serious consequences, not only in monetary damages, but in
compromised personal medical records which can result in misdiagnoses,
wrong treatment or wrong prescriptions. Ponemon notes that
inaccuracies in a person’s medical record resulting from identity
theft are difficult to correct. “Once it’s in your medical record that
you are a certain blood type or have an allergy, it’s hard to correct
in one place. It’s not like a credit report; it’s complex and for the
rest of your life you have to inspect your medical records,” he says.

Resolution of a crime is time-consuming, according to the survey. Of
those who did try to resolve an incident, 35 percent worked with their
health plan or insurer and 31 percent worked with their healthcare
provider. Such activities consumed almost a year or more, according to
36 percent of respondents, and 48 percent said the crime is still not
resolved.

Ponemon says that half of the respondents are not aware of risk of
life-threatening inaccuracies in their medical records, and do not
take steps to protect themselves. Victims comprise people on Medicare
and Medicaid, as well those with premium health insurance plans, he
says. Half of respondents do not take any steps to protect themselves
from future medical identity theft. Fifty-four percent do not check
their health records, because they don’t know how and they trust their
healthcare provider to be accurate. Also, 54 percent of respondents do
not check their explanation of benefits document, and of those who
found unfamiliar claims, 52 percent did not report them.

Medical identity theft crimes also affect the reputations of
healthcare providers.  About 56 percent of respondents said they lost
trust and confidence of their healthcare providers, compared to 51
percent last year.

The survey suggested that many victims put themselves at risk by
sharing personal health records with family members or friends—often
because the family member was uninsured or could not afford to pay for
the treatments. About 30 percent of respondents said they knowingly
shared their personal identification with someone they knew and
another 28 percent said that a member of the family took the personal
identification or medical credentials without consent. “This is
something we have been tracking for four years, and is consistent,
that a third of the population of medical identification theft falls
into the category of family fraud,” Ponemon says.

According to MIFA, medical identity theft is getting to be a bigger
and more complex problem, with the Affordable Care Act (ACA) and the
increased use of electronic health records. “We expect it to continue
to grow, and we have an influx of healthcare changes taking place and
we’ve got an influx of new consumers into the healthcare system,” says
Robin Slade, a development coordinator with the newly formed industry
group. While malicious intrusions by criminal organizations are a
contributing factor to the problem, it is also complicated by
technology challenges such as the rapidly increasing use of mobile
devices, she says. “The healthcare industry is facing unprecedented
levels of risk,” she says, adding that while those issues can be
resolved, the industry needs to overcome some hurdles first.

Slade says that there is no single solution that will solve the
medical identity theft problem. “We have to look at this
comprehensively, which is why MIPA is building an organization with
multiple perspectives.” (The organization has 10 founding members and
20 participating organizations, representing provider organizations,
payers, consumer groups. She expects MIPA to have 100 organizations by
the end of next year.) “We need to start with the processes within
each organization and make sure it is doing what it needs to do to
protect the data; that it is monitoring the data and know who is
touching it and has access to it. It starts with simple processes and
best practices that organizations get put into place,” she says.

There is also a need to look at the broader issues, such as enrollment
and authentication, she says. “There isn’t one-size-fits-all when it
comes to this. It’s very complex and it’s going to take a variety of
people working together to make an impact,” she says.

“There is tremendous value in sharing information,” says Slade, who
has a background in the financial services industry. She sees a
parallel between the financial services’ experience in coming to terms
with e-commerce and the healthcare industry’s challenge in coming to
terms with medical identity theft. Healthcare can leverage some of the
technologies, best practices, and procedures the financial services
industry has put in place, she says.

That’s not to underestimate the difficulty of the challenge:
“Healthcare has got complex issues, including regulations that vary
from state to state, that make it more difficult to make sure we are
looking at the issues from the right perspectives,” she says.
“Healthcare is a fragmented industry and we need to do a better job of
getting together and communicating.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.