My Comments: If ever there was a 21st century crime, this is it. We’ve all read about what happened to Target Stores and others where customer information was stolen. What we don’t often think about in this context are our own medical records, scattered across the health care landscape which we inhabit.
I’ve been aware of it’s significance since becoming aligned with a firm in Duval County called Caduceus Consulting. They’ve developed a professional liability policy that provides legal help for any physician or dentist exposed to a cyber threat. You can find an overview of it here:
The threat is real, and it can be expensive to remedy. Even if you only suspect a breach, EVERY possible patient whose name and records are in your records must be notified and advised. For the owners of a medical practice, to which law firm do you turn for help? Who has the technical undestanding and skills to help make the problem go away? Can you make it go away? How many thousands of dollars will it cost?
To the extent you are a physician or dentist in Florida, I have a very low cost solution to mitigate this threat to your future financial security.
Feb 25, 2015 | By Dan Cook
Medical identify theft increased by nearly 22 percent in 2014 compared to 2013. And this tough-to-contain realm of fraud will likely continue to grow due to conditions that have created fertile ground for this particular crime.
That’s one major takeaway from the fifth annual study of medical identity fraud released by the Ponemon Institute and the Medical Identity Theft Alliance, nonprofits dedicated to investigating the causes and ramifications of medical identify theft and finding ways to counter its spread.
The report does not take into account the Anthem hack, in which as many as 80 million consumers had their personal data stolen.
“Medical identity theft is costly and complex to resolve,” the groups’ study concludes. The study attempts to estimate that cost and outlines the reasons for its stubborn persistence.
Among the major outcomes of this study:
• Health care providers are not doing enough to secure patients’ medical records;
• Health care providers don’t respond in a consistent or timely manner when fraud is suspected or has occurred;
• Medical identify theft victims frequently don’t learn that their ID has been stolen until three months following the theft;
• Once they find out, it often takes months — and an average of 200 hours — to resolve a case;
• The cost to resolve the average incident is $13,500, a cost often paid by the victim;
• Many victims either don’t know who to report theft to, or are afraid to report it for a variety of reasons;
• Many victims report their identify was stolen by someone they knew, most likely a relative;
• Consumers and health care organizations believe the Patient Protection and Affordable Care Act has made medical identify theft more common due to insecure insurance websites;
• Theft generally occurs to access medical services and products, not to steal a patient’s identity for more general purposes.
The study’s authors said that, while such theft can’t be prevented, there are steps that can be taken to reduce its spread. They include:
• Monitoring of credit reports and billing statements for evidence of theft;
• Check in periodically with the primary care physician to ensure accuracy of medical records;
• When a consumer suspects identity theft, one should contact a professional identity protection provider for follow-up;
• Education of insured individuals about the risks of sharing medical identity information even with close relatives;
• Health care and other organizations that are responsible for securing patient information should have systems in place to authenticate all patients seeking services.
The full study, which is chock-a-block with details about this growing threat, can be found here