Medical identity theft is on the rise in the U.S., both in terms of the number of people affected and the average cost to victims, according to the second annual survey on the subject conducted by the Ponemon Institute, Traverse City, Mich. The study was sponsored by Experian, Irvine, Calif. Despite the rising number of incidents, the study points to a lack of awareness of the risk of identity theft, and a reluctance to take steps to prevent medical identity theft in the future.
In fiscal year 2011, 1.49 million people were victims of medical identity theft, compared to 1.42 million the previous year, with an average cost per victim of $20,663, up from $20,160 the previous year.
In a telephone interview, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said “medical identity theft is disastrous and in some ways not resolvable.” A medical record that contains flawed patient health information as a result of illicit use resulting from theft can be very hard to fix, and the victim may not be aware of the compromised information in the record, he says.
Ponemon adds that the results of the survey point to a need to educate the public, both on healthcare reform and, especially, on the consequences of medical identity theft. “We need to be smarter about our health records and the things that can go wrong of [health] information is not correct,” he says.
Among the key findings, a vast majority of the respondents in the general sample (91 percent) did not know the definition of medical identity theft before completing the survey. (In contrast, 77 percent of a smaller sample of those who had either experienced medical identity theft either directly or through a family member, were aware of medical identity theft before completing the survey.)
In addition, 79 percent said they were not aware or were not sure how medical identity theft would affect their credit score. Most respondents learned about the theft after the damage had been done, either through a collection letter, a mistake in their health records or a decline in their credit score, before becoming aware they were victims.
A majority of victims said their medical identity was stolen to obtain medical services, prescription drugs or medical equipment or government services. About one-third said their identity was stolen by accessing a credit report or healthcare records.
Nearly a quarter of victims said they did not know when the medical identity theft incident occurred, and 31 percent said they discovered the theft more than a year after it had occurred.
Medical identity theft is often a family affair. According to 36 percent of respondents, a member of a family stole personal identification credentials without the victim’s knowledge. Fifty percent of respondents said they did not report the crime to law enforcement. Of those who did not report, 51 percent said they knew the thief.
A high number (26 percent) of respondents admitted to sharing their credentials with family members; of these, 56 percent said they did this only once, probably because they were worried about possible consequences, according to the report. Compassion was cited as the reason for sharing their credentials with a family member, either because the family member did not have insurance or because the family member could not afford treatment.
The primary consequences of medical identity theft are financial harm (50 percent said the most harmful consequence was paying for services illegally rendered), and loss of their health insurance coverage (49 percent).The most negative consequences cites by respondents were: loss of money (46 percent; embarrassment (37 percent; increased insurance premiums (31 percent); and lost medical coverage (21 percent).
Yet surprisingly, 49 percent of respondents said they would take no new steps to prevent medical identity theft in the future. Twenty-nine percent said they would monitor their credit reports; 25 percent said they would review their medical records, and 15 percent said they would make sure their medical reports were stored by security conscious vendors.
Healthcare privacy is an important issue with many medical identity theft victims, with 78 percent saying they expected healthcare providers to ensure the privacy of their health records. Of the steps to ensure privacy of their medical records, 71 percent wanted assurance that only professionally trained medical practitioners had access to their medical records; another 69 percent wanted to be able to control their medical records directly. In addition, 62 percent wanted stricter laws to prevent the government or companies from accessing their records without consent.
The survey also pointed to a lack of knowledge about healthcare reform on the part of the public. Only 26 percent said they were familiar with the new healthcare reform bil passed in 2010, and 32 percent had no knowledge of the bill. In addition, 79 percent were not aware of the initiative to have an electronic database for patient information; if aware, respondents were uncertain how the database would affect the security of their personal health information.