Almost half of Americans’ sensitive health information have been disclosed in data breaches increasing their risk of medical identity theft and medical fraud.

Medical identity theft is the worst possible outcome for consumers affected by a breach of health information according to an article in the Wall Street Journal this weekend. Over the past four years, there have been a number of high profile data breaches in the healthcare sector that disclosed sensitive personal information – SSNs, Date of Birth, Account numbers, etc. Almost all of these incidents also included health insurance information and patient medical data – protected health information (PHI). This year Nevada, Oregon, Rhode Island, and Connecticut recently updated their consumer notification laws to expand their definition of sensitive personal data to include PHI.

The consumer remedy offered in each of these situations was credit monitoring. Credit monitoring has become the de facto consumer remedy, regardless of the type of data disclosed. There is a big problem with this “one size fits all” remedy. Credit monitoring is designed to help consumers detect changes to their credit file. It can indicate that an identity thief opened new credit cards, bank accounts, loans, or is using the victim’s identity to get a job. Credit monitoring doesn’t do a good job of detecting medical identity theft – a thief using your health insurance information to obtain prescriptions, medical services, or selling it to cyber criminals who commit Medicaid or Medicare fraud. In fact, in a recent settlement this year with the states Attorneys General, the three credit bureaus agreed to delay adding medical bills to a consumer file for 180 days, making credit monitoring even less effective as an early detection tool for medical identity theft.

Law makers and regulators are becoming aware that credit monitoring may not be the panacea for protecting consumers’ identities. On July 20, 2015, bipartisan leaders of the House Energy and Commerce Committee requested a report from the Government Accountability Office on the efficacy of providing credit monitoring for consumers following data breaches.

Click here to read the full blog.

August 10, 2015 by Rick Kam, ID Experts

1 hour influenza testing