Medical identity theft hits all-time high

'We do see healthcare organizations and health plans making moves'
By Erin McCann
10:06 PM
Share
hacker at computer

The lion's share of medical identity theft victims can expect to pay upwards of $13,500 to resolve the crime. What's more, about 50 percent of consumers say they would find another healthcare provider if they were concerned about the security of their medical records. How's that for a business case to take security a little more seriously?

As Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance, emphasized, the reputational impacts of medical identity theft for both consumer and provider organizations are huge. Patterson, who will be speaking at the HIMSS Media and Healthcare IT News Privacy and Security Forum in Chicago July 1, pointed to some concerning numbers found in the MIFA-sponsored annual medical identity theft study. Conducted by researchers at the Ponemon Institute, the study underscored a staggering 22 percent increase in medical identity thefts from just last year.

[See also: Medical identity theft sees sharp uptick.]

And if you're looking at it from a business case point-of-view, shirking one's security duties is just bad news. First off, it's not like having your credit card number stolen where you can make a quick call to your bank, cancel the charge and have them issue you a new card. This is personal medical data that can't be tracked by credit monitoring services.

"As humans, we're more concerned about whether or not a credit card number has been stolen," said Kevin Johnson, CEO of security consulting firm Secure Ideas, in an interview with Healthcare IT News earlier this year. "And there's such a lack of concern about my medical records, my personal data." And there's also the fact that "tomorrow Bank of America will ship me a new credit card."

In the February 2015 Ponemon study, 89 percent of victims said the identity theft "affected their reputation mainly because of embarrassments due to disclosure of sensitive personal health conditions." What's more, nearly 20 percent said it caused them to miss out on career opportunities.

Take the average cost most medical identity theft victims have to pay out, and consider their collective impact on your healthcare organization. Half of respondents say they'll go to another provider if they had concerns over it. 

There are things, though, healthcare organizations can do, and are doing, that are helping, Patterson added.

MIFA's members, for instance – which include giants like Kaiser Permanente, Aetna, the U.S.Department  of Veterans Affairs and Henry Ford Health System, among others – are making significant strides.

There's huge interest for some members in developing technologies that would address the notification, alerts and monitoring specifically for medical identities, similar to what credit monitoring does for those affected by financial identity theft.

"We do see healthcare organizations and health plans making moves for instance to do things like remove the Social Security number as part of the patient identifier," said Patterson. They've also seen a considerable uptick in biometrics and investing in technologies that would help with accurate reconciliation.