Healthcare News & Insights

Medical identity theft on the rise: How hospitals can help

167215610Medical identity theft is becoming an increasingly common crime. Here are some of the steps hospitals can take to better protect their patients. 

As the scams become more lucrative, more criminals are stealing patient data to commit medical identity theft, according to a recent study from the Ponemon Institute.

In the past year, there have been an estimated 313,000 new cases of medical identity theft in the U.S., according to the report — a 19% increase compared to last year.

This type of theft doesn’t just cause financial damage for patients. It can also have dangerous consequences due to changes in the victims’ permanent medical records, which might lead to inaccurate diagnoses or improper treatments in the future.

However, among the 788 victims surveyed by Ponemon, 50% weren’t aware of that risk.

Other victims did suffer serious consequences because of changes to their records. Among the survey respondents:

  • 15% were misdiagnosed because of inaccurate information in their records
  • 14% experienced a delay in getting treatment because of problems with their records
  • 13% were given the wrong treatment, and
  • 11% were prescribed incorrect medicine.

Many others (39%) lost insurance coverage due to the identity theft, and 43% had to pay out of pocket costs in order to restore coverage.

Providers have problems, too

Doctors can also be the victims of identity theft. Criminals sometimes steal credentials from physicians to bill payers for services that were never performed. Getting a name cleared after one of those incidents is often costly and time-consuming.

Hospitals also suffer when patients are victimized. More than half of the victims surveyed (56%) said they lost confidence in their healthcare providers as a result. That was increase from 51% who said the same last year.

Putting an end to the threat requires work from all groups involved, including providers, patients, payers and government agencies. Here are some of the steps hospitals can take to protect their patients and themselves:

1. Educate patients

One possible reason medical identity theft is increasing is that patients aren’t taking steps to protect themselves. The majority of patients aren’t aware of how serious the crime is, and as a result 50% of those victimized said they haven’t take any steps to avoid being the victim of fraud again in the future.

In fact, many of the cases examined in the Ponemon study were a direct result of the patient’s own actions. For instance, 30% of the victims said they shared their insurance credentials with someone they knew. Another 28% said a family member took their insurance card or other information without their consent.

Hospitals can help raise awareness by educating patients on the seriousness of the problem.

Allowing patients to access to their own medical records can also help prevent fraud by giving patients the opportunity to spot any inconsistencies.

Patients should also take the time to thoroughly examine any explanation of benefits they receive from insurance providers. Only 21% of the people surveyed by Ponemon said they read their EOBs all the time. And even when they do, just 52% of them said they report inaccuracies that they find.

2. Protect patient data

While most cases looked at in the study (58%) were carried out by someone the victim knows, the rest occurred when the patient’s personal information was stolen, either from their healthcare providers or from the individuals themselves.

Hospitals can help prevent some of those data breaches by educating patients on how to avoid phishing scams and other attacks and by taking steps to improve the security of data stored on the organization’s premises.

Some of the best practices to secure healthcare data include:

  • making sure all portable devices are encrypted before they hold any sensitive data
  • deleting data once it’s no longer needed
  • properly vetting all business partners and service providers that will have access to patient information, and
  • training staff members on how to protect patient privacy.

3. Respond to breaches

Of course, as anyone who works in IT will tell you, it’s not possible to prevent all security incidents. That’s why it’s important to have a data breach response plan in place.

The actions a hospital takes can have a big impact on whether or not any of the stolen information is used to commit medical identity theft. Hospitals must make sure affected patients are notified as soon as possible and in clear language that makes it easy to understand exactly what happened and what the potential risks are.

Hospital employees should be available to answer patients’ questions after those notifications are sent. Offering to pay for credit monitoring services for affected patients can also help cut down on medical identity theft.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.