Medical identity fraud has increased nearly 20 percent compared to the year before in the U.S., affecting an estimated 1.84 victims and having a total out-of-pocket medical costs incurred by medical identity theft victims of $12.3 billion. Those are takeaways of the 2013 Survey on Medical Identity Theft, an annual survey now in its fourth year, which was released yesterday by the Ponemon Institute LLC, Traverse City, Mich., and sponsored by Portland, Ore.-base ID Experts. The report’s release roughly coincided with the launch (on August 29) of the Medical Identity Fraud Alliance (MIFA), an industry group formed to raise public awareness and to come up with potential ways to address the medical identity theft.
(For the purposes of the study, medical identity theft occurs when someone uses an individual’s name and personal identity to fraudulently receive medical services, goods, or prescription drugs, including attempts to commit fraudulent billing. The survey results were based on responses of 788 adults who reported that they or close family members were victims of medical theft. The number of new cases over the past year is estimated at 313,000; the increase of the base rate of identity theft victims climbed from 0.68 percent to 0.82 percent, which represents a 19-percent increase in incidents over one year.)
In speaking of this year’s findings, Larry Ponemon, Ph.D., chairman and founder of the research group, says that medical identity theft is having serious consequences, not only in monetary damages, but in compromised personal medical records that can result in misdiagnoses, wrong treatments or wrong prescriptions. Ponemon notes that inaccuracies in a person’s medical record resulting from identity theft are difficult to correct. “Once it’s in your medical record that you are a certain blood type or have an allergy, it’s hard to correct in one place. It’s not like a credit report; it’s complex and for the rest of your life you will have to inspect your medical records,” he says.
Resolution of a crime is time-consuming, according to the survey. Of those who did try to resolve an incident, 35 percent worked with their health plan or insurer and 31 percent worked with their healthcare provider. Such activities consumed almost a year or more, according to 36 percent of respondents, and 48 percent said the crime is still not resolved.
Ponemon says that half of the respondents are not aware of risk of life-threatening inaccuracies in their medical records, and do not take steps to protect themselves. Victims comprise people on Medicare and Medicaid, as well those with premium health insurance plans, he says. Half of the respondents said they do not take any steps to protect themselves from future medical identity theft. Fifty-four percent do not check their health records, because they don’t know how and they trust their healthcare provider to be accurate. Also, 54 percent of respondents do not check their explanation of benefits document, and of those who found unfamiliar claims, 52 percent did not report them.
Medical identity theft crimes also affect the reputations of healthcare providers. About 56 percent of respondents said they lost trust and confidence of their healthcare providers, compared to 51 percent the prior year.
The survey suggested that many victims put themselves at risk by sharing personal health records with family members or friends—often because the family member was uninsured or could not afford to pay for the treatments. About 30 percent of respondents said they knowingly shared their personal identification with someone they knew and another 28 percent said that a member of the family took the personal identification or medical credentials without their consent. “This is something we have been tracking for four years, and is consistent, that a third of the population of medical identification theft falls into the category of family fraud,” Ponemon says.
According to MIFA, medical identity theft is getting to be a bigger and more complex problem, with the Affordable Care Act (ACA) and the increased use of electronic health records. “We expect it to continue to grow; we have an influx of healthcare changes taking place and we’ve got an influx of new consumers into the healthcare system,” says Robin Slade, a development coordinator with the newly formed industry group. While malicious intrusions by criminal organizations are a contributing factor to the problem, it is also complicated by technology challenges such as the rapidly increasing use of mobile devices, she says. “The healthcare industry is facing unprecedented levels of risk,” she says, adding that while those issues can be resolved, the industry needs to overcome some hurdles first.
Slade says that there is no single solution that will solve the medical identity theft problem. “We have to look at this comprehensively, which is why MIPA is building an organization with multiple perspectives,” she says. (The organization has 10 founding members and 20 participating organizations, representing provider organizations, payers, consumer groups. She expects MIPA to have 100 organizations by the end of next year.) “We need to start with the processes within each organization and make sure it is doing what it needs to do to protect the data; that it is monitoring the data and knows who is touching it and has access to it. It starts with simple processes and best practices that organizations get put into place,” she says.
There is also a need to look at the broader issues, such as enrollment and authentication, she says. “There isn’t one-size-fits-all when it comes to this. It’s very complex and it’s going to take a variety of people working together to make an impact,” she says.
Get the latest information on Cyber-Security, and attend other valuable sessions at this two-day, intimate event bringing together C-level, physician, practice management and IT decision makers for strategy discussions, knowledge exchange, and one-on-one meetings.