Healthcare News & Insights

3 ways hospitals can help prevent medical identity theft

167215610Medical identity theft is becoming a big financial danger for patients – and it’s hurting hospitals, too. 

Data breaches are expensive for all organizations. On top of the IT costs involved in discovering and fixing a breach, the organization may find itself paying legal fees and suffering long-term reputation damage and lost business.

And IT security incidents are especially dangerous for hospitals and other health care firms. Along with financial institutions and government agencies, those organizations are among the biggest targets for hackers thanks to the wealth of sensitive information they hold.

Most of the time, those cyber criminals are after information about individuals that can be used to commit identity theft — and a lot of people are being affected by those breaches.

In 2012, 16 million Americans were notified by an organization of a data breach that may have compromised their personal information, according to a recent report published by Javelin Strategy & Research and Identity Finder.

And among those individuals, around 25% found themselves to be the victims of identity theft.

Data breach victims take their business elsewhere

Increasingly, the loss of current customers and future business is becoming one of the biggest long-terms costs of an IT security failure. As breaches become more common and people become more knowledgeable about privacy and identity theft issues, patients and customers want to work with organizations that protect their information.

And that means a large number of people will break ties with an organization after a data breach, according to a recent poll from Cintas. Among the U.S. consumers polled, 40% said they would find a new doctor and 35% said they would start going to a different hospital if their personal information was stolen.

What hospitals can do

The bottom line: Helping to prevent data breaches and medical identity theft is good for hospitals’ business.

Stopping fraud requires help from all facets, including providers, insurers, government agencies and patients themselves, according to a recent report from California Attorney General Kamala Harris (D) on curbing medical identity theft.

Here are some of the recommendations the report has for hospitals and other healthcare providers:

  1. Educate patients about medical identity theft — Many cases of fraud could be prevented or at least stopped earlier if patients paid closer attention to their records and statements to spot suspicious activity. In addition, many types of fraud occur because of patients’ own negligence — for example, letting someone else use their insurance card. Hospitals can help by teaching patients what they should look for and how they can protect themselves. Organizations should also make it simple for patients to get access to those documents.
  2. Vet and train staff members — Many privacy breaches are blamed on hospital staff, either because of intentional theft or negligence that leaves information vulnerable. That’s why it’s important to properly vet all new hires who will have access to patient information, and to train them on their responsibilities for keeping that data secure.
  3. Identify red flags — During patient interactions and when processing paperwork, hospital staff should be trained to identify red flags that could signal fraud. That includes information collected when a patient visits that doesn’t match what’s on file, tests being ordered that are inconsistent with the patient’s history, etc.

In addition to those steps, hospitals should also work toward protecting electronic patient data from cyber security attacks. For help, read our post on the 10 best ways to protect healthcare data.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.


  1. […] to their cultures to pull their weight when it comes to cybersecurity. Clinics and hospitals should train their employees carefully and be choosy about who they partner with for outside IT services. Security “hygiene” […]