It will impact not only the victim of the ID theft, but also the providers who treat a patient with a stolen ID.  It’s estimated to be this big:

•     Estimates are that 1.8 million people will fall victim to medical ID theft in 2013.  This is an increase of over 313,000 over 2012, nearly a 20% jump.  
•     Fraud losses in healthcare are significant to overall healthcare costs and in most cases facilitated by stolen medical identities. The FBI reports that healthcare fraud costs the United States at least $80 billion a year.

Negative consequences of the crime

Some think that this is of little concern.  If your wallet were stolen, of course you would inform your credit card companies and the state to get a new driver’s license issued, but would you think of contacting your insurance company?  Medical ID theft is costly in these ways:

•     $12 billion in additional out-of-pocket expenses paid by the victims
•     Victim’s corrupted medical records lead to:
  • •     Misdiagnosis 15% of the time
    •     Mistreatment 13% of the time
    •     Treatment delay 14% of the time
    •     Wrong prescriptions 11% of the time
•     39% of the time the theft results in the victim losing their health insurance

Causes of theft

Sharing your medical ID with a friend or family member who doesn’t have insurance is sometimes thought of as a good deed.  Some call this a “Robin Hood” crime.  Thefts happen by:
    

•     Victim knowingly shares their medical ID credentials – 30%
•     Family member took medical ID without consent – 28%
•     Medical ID was provided to a fake email or spoofed website – 8%
•     Healthcare provider, insurer or other related organization has a data breach – 7%
•     An employee working in the healthcare provider’s office stole the ID – 5%
•     Thief intercepted a mailed statement or invoice – 5%
•     Lost wallet containing medical ID – 3%
•     Don’t know – 14%

According to the stats above, two are in the purview of the provider’s office: data breach and theft by a provider’s employee.  These two account for 12% of the occurrences. 

But rest assured, regardless of the cause, if your practice treats someone with a stolen medical ID, it will cost you time and money to rectify the issue and may likely require you to write-off the charges.  

In last week’s post I said “Your office records are a goldmine to an identity thief”. 

So, what’s the value of that goldmine?  Experts say that the value of medical identities is greater than Social Security numbers on the black market.  Kirk Herath, Nationwide Chief Privacy officer, estimates that a stolen medical ID has a street value of $50 – whereas a stolen Social Security number only sells for $1.  

Updated HIPAA rules went into effect last week (9/23/2013).  The most obvious changes were to the privacy and security rules and the penalties for a PHI breach (Protected Health Information).  The government could fine you up to $1.5 million per violation.  The government is taking this issue very seriously in attempting to squeeze fraud out of the healthcare system.  

A serious problem?  Yes!  With serious consequences?  Yes! 

If you aren’t instituting increased security around your data, you will be ignoring the very real risk that exists in medical ID theft. 

Better password management is a cheap way to protect a very valuable asset and a right click for every practice. 

.