Take steps to protect your practice and its patients from being victimized.

Many forms of identity theft may stem from a medical record breach. Thieves may use someone else’s identity to seek medical care, open new utility accounts, receive credit cards, conduct online transactions, apply for home loans, buy cars, get a job, commit crimes, or file for fraudulent government benefits.

Medical records contain a plethora of information all in one place. This is a jackpot for thieves. Medical identity theft poses a risk even greater than financial breaches. Consider someone claiming to be you and seeking medical care. Perhaps he or she has a serious medical condition that you do not have. Now this condition is on your permanent record. What if the thief is a drug addict, has a terminal illness, or a different blood type? Now, the thief’s medical profile is part of yours. Often, thieves will visit emergency rooms and leave the balance of the medical bill to the “real” person to pay. Unpaid bills go to collection agencies and affect credit ratings. The provider, also a victim, is left with unpaid services.

The Devastation of Medical Identity Theft
Consider the true case of the drug-addicted, pregnant woman who delivered a baby using a stolen health insurance card. The baby was born addicted to drugs and with other serious health concerns. The mother abandoned the baby the next day. The real insurance cardholder was visited by authorities and had her children taken into protective custody. A false medical profile can be devastating emotionally and financially: Victims may be denied life insurance, fired from their job, or even receive death threats.

Medical Devices
Other medical identity theft risks include medical alert devices, implanted defibrillators, continuous positive airway pressure machines, and insulin pumps. These devices connect to networks. Sophisticated hackers can intercept the data and access these devices and the personal information associated with them.

Consumers expect healthcare providers to be proactive in preventing and detecting medical identity theft. According to a recent Poneman study, 48 percent of respondents surveyed said they would consider changing healthcare providers if their medical records were lost or stolen. If a breach occurs, 40 percent expect prompt notification to come from the responsible organization.

Everyone who touches a medical record must be hyper vigilant. The U.S. Federal Trade Commission’s Red Flags Rule requires businesses and organizations to develop and implement procedures to detect suspicious activities or patterns of behavior that suggest identity theft. Some of the measures are as simple as asking for photo identification. Providers should ask for photo ID (government issued is preferred) and maintain a photo in the chart. Patients should protect their information, including their health insurance ID card.

Identity Theft: A Serious Problem
According to the Ponemon Institute, 2.3 million Americans were victims of medical identity theft in 2014. Victims will tell you, medical identity theft is one of the most expensive and time-consuming types of identity theft to resolve. Protected health information (PHI) breaches affect not just patients, but also providers and health plans.

Click here to read the full article.

December 1, 2015 By Jonnie Massey, AAPC guest blog