By Margaret Rutter Foltz
Faculty Member, School of STEM at American Military University
In early 2015, three Blue Cross Blue Shield insurance plans suffered major security breaches which exposed close to 92 million consumer records. According to Experian, 42% of the major security/privacy breaches in 2014 related to such healthcare organizations.
Patient medical identity theft is one outcome of these types of breaches. This occurs when an impostor bills your health plan for false or inflated claims, or when medical personnel obtain prescription drugs associated with your medical identity. These fraudulent healthcare claims are typically unnoticed until a victim seeks similar legitimate medical care and their claims are denied. Additionally, the integrity of the victim’s medical record is at risk. An incorrect medical record can potentially have serious health consequences for the victim.
There are several reasons why medical identity theft is a growing trend.
- Experts estimate that a medical record is now worth ten times (or more) as much as stolen credit card or Social Security number information.
- The required digitization of health information by the Affordable Care Act has made records more easily accessible to attackers because the healthcare sector has less sophisticated data protection methods.
- Attackers are targeting healthcare data because of the amount of personal data stored within a health record. As defined by the HIPAA Privacy Rule, a health record contains 18 identifiers that constitute personally identifiable information (PII).
Healthcare organizations must subscribe to an ongoing risk management process in order to protect electronic healthcare data. All computer systems that process, store, or transmit healthcare data must be protected and proactively monitored for breaches. Medical devices must be safeguarded by both the device manufacturer and the healthcare organization’s network. A robust cybersecurity awareness program should be required for all healthcare staff to avoid a breach due to employee negligence. And, finally, healthcare organizations must continually audit for federal HIPAA compliance.
It is important to note that medical identity theft is not the only ramification of a medical record breach. This type of breach can affect the entire identity of the victim by causing considerable, and potentially long-term, damage.
A victim of medical identity theft may experience issues with their credit. Health coverage can be lost when false claims max out the policy limits, and health premiums may increase due to the false claims charged against the policy.
Healthcare IT News reported that the cost for a victim to resolve a medical identity theft is around $13,000. What can we do to protect ourselves now? Below are some tips to protect the integrity of your medical record. I encourage you to read and share them to help get the word out.
- Obtain a copy of your medical records and thoroughly review them. Report any errors to your provider.
- Review medical statements from your providers and insurance company.
- Obtain a copy of the “accounting of disclosures” for your medical records from your providers and insurance company.
- Review your credit report on an annual (or bi-annual) basis.
- Utilize a medical identity protection service (idexpertscorp.com).
If fraud is detected:
- Notify your insurance company.
- File a police report and a medical identity theft complaint with the FTC.
- Report the issue to all credit reporting companies and place a fraud alert on your credit files.
- Obtain copies of your credit report and review for errors.
About the Author
Margaret Rutter Foltz has worked in the field of Information Technology for more than 20 years. She has achieved a Master of Science in Information Technology as well as multiple technical and security certifications (CISSP, ISSMP, CISM, CISA, ITIL, MCSE). Margaret has successfully managed technical staff and offshore resources and has a solid combination of both IT Security and IT Management experience that has spanned the financial, health care, IT services and distribution sectors. Her true passion is IT Security/Privacy and all of its related components.