Medical Identity Theft and Fraud Are Rising: How to Protect Your Organization and Your Patients

Which industry suffers the most data breaches each year? Retail, maybe? Or banking and finance? In fact, for the past several years the answer has been the healthcare industry—and that has meant a dramatic rise in medical identity theft.

Ponemon Report 2015: Learn to manage your privacy & security risks

According to the Ponemon Institute’s 2014 Fifth Annual Study on Medical Identity Theft, sponsored by the Medical Identity Fraud Alliance (MIFA) and member companies including ID Experts, the number of medical identity theft incidents has more than doubled over the past five years. In 2014 alone there were 2.3 million victims—500,000 more than in 2013. And this was just for medical identity theft. Millions more have suffered from fraudulent billing against their medical identities from unscrupulous providers or even organized crime.

Consider what a hacker—or the person who buys the information—can do with stolen medical identities:

• Pose as a care provider to bill Medicare, Medicaid, and private insurance for fake services.
• Obtain medical goods and procedures (prescription drugs, surgery, etc.).
• Steal patients’ credit card and Social Security numbers from their billing information.
• Pollute patient medical records with information that could kill them.

Medical identity theft is extremely expensive and burdensome for healthcare entities, and it can lead to contaminated medical records that undermine quality of care. For patients, the crimes are also costly and time-consuming to resolve, especially as many providers lack adequate measures to prevent, detect, and mitigate the crimes.

In fact, the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data found that only 10 percent of medical identity theft victims reported achieving a satisfactory conclusion to the incident—and victims spent an average of over 200 hours to resolve the crime.

Now here’s the good news: Healthcare providers and their privacy and compliance officers can take several straightforward steps to reduce the prevalence and impact of medical identity theft:

1. Build awareness within the organization. Medical identity theft is a serious quality-of-care issue, in addition to being costly and an administrative burden. It should be prioritized.
2. Educate patients. Let patients know that they should review their Explanation of Benefits for accuracy, monitor their credit, and avoid sharing their medical identity or use someone else’s.
3. Prevent fraud from happening. Deploy technical solutions such as anomaly detection and data flagging, along with appropriate policies and processes, to catch fraud early.
4. Investigate immediately. Build an identity theft response program with clear policies and procedures to investigate flagged records.
5. Support prompt resolutions. Quickly correct corrupted medical records and offer patients who may be victims of identity theft a free copy of the relevant portions of their medical records.

Beyond these steps, there is now, for the first time, an easy and sure-fire way for healthcare providers to help patients keep their medical identities secure: medical identity monitoring services such as MIDAS from ID Experts.

Ponemon Report 2015: Learn to manage your privacy & security risks

MIDAS alerts patients (on their smartphone or other device) whenever a claim is made against their healthcare plan benefits. Patients can immediately flag suspicious claims, which are investigated by fraud experts at ID Experts. If fraud or theft takes place, MIDAS works with patients, providers, and insurers until the issue is resolved as quickly and cost-effectively as possible.