Guidelines to Combat Medical Identity Theft Are Released by California Attorney General | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Guidelines to Combat Medical Identity Theft Are Released by California Attorney General

November 20, 2013
by John DeGaspari
| Reprints
Report focuses on best practices in the age of electronic medical records
Click To View Gallery

New guidelines for preventing and remedying medical identity theft have been released by the Office of the Attorney General of California. The American Health Information Management Association (AHIMA) contributed to the development of the guidelines, “Medical Identity Theft: Recommendation for the Age of Electronic Medical Records,” whose primary purpose is to contribute to best practices for healthcare providers and related organizations in managing patient information. It contains recommendations for provider, payers, health information organizations that manage and oversee health information exchange functions, and policymakers.

The report notes that medical identities are misused in two primary ways. One is consensual, in which the individual knowingly shares his or her identity with someone to allow that person to obtain medical goods or services. It cites a 2013 Ponemon Institute study that estimates that nearly half of medical identity theft victims shared their identifying information with someone they knew. Yet the attorney general’s report says that this type of theft should decline as the Affordable Care Act (ACA) extends coverage to many who are now uninsured or underinsured.  Medical identity theft also occurs when the victim does not know the perpetrator, as the result of lost or stolen information or an insider abusing access to records. The report also notes that medical identity theft is underreported and costly—the Ponemon Institute study estimates $1.84 million victims in 2013, with estimated out-of-pocket costs of $12.3 billion.

The attorney general’s report says that by mandating the transfer to electronic medical records, the ACA offers the healthcare industry a way to address medical identity theft. It recommends that healthcare organizations evaluate their current practices for privacy protection and data security, and implementing appropriate counter-measures. Strategic use of technology can help prevent, detect and mitigate  the effects of the crime. It recommends that providers must protect compromised records and thereby eliminate the risk that erroneous medical information poses to the victim’s health and quality of care.

Key Recommendations

For providers:

  • Build awareness of medical identity theft as a quality-of-care issue within the organization.
  • Make patients aware of medical identity theft, which includes using someone else’s medical ID or sharing theirs and its potential consequences.
  • Deploy technical fraud prevention measures such as anomaly detection and data flagging, supported by appropriate policies and processes so that all red flags are appropriately investigated.
  • Implement an identity theft response program with clear written policies and procedures for investigating a flagged record. Train staff in all relevant departments on these policies and procedures.
  • Offer patients who believe they have been victims of medical identity theft a free copy of relevant portions of their records to review for signs of fraud.
  • When an investigation reveals that a record has been corrupted by medical identity theft, promptly correct the record.

For payers:

  • Make Explanation of Benefits statements patient-friendly. Include information on how to report any errors that are discovered.
  • Notify customers who have been identified as victims of medical identity theft by email or text or other agreed upon timely method whenever a claim is submitted to their account.
  • Use automated fraud-detection software to flag suspicious claims that could be the result of identity theft.
  • When medical identity theft is confirmed, the first priority should be correcting the patient’s claims record to eliminate the possibility that benefits could be capped or terminated.

For health information organizations:

  • Build system capabilities that can assist in the prevention, detection, investigation and mitigation of medical identity theft.
  • Adopt policies and standards that recognize the possibility of medical identity theft. Include specific policies relating to medical identity theft as part of privacy and security policies and procedures.  

For policymakers:

  • The U. S. Department of Health and Human Services should include a medical identity theft incident response plan as a certification requirement or as one of the best practices if they are currently developing for health information organizations or exchanges and accountable care organizations.
  • The report also recommended considering its guidelines when collaborating on the development of standards and software for electronic health and suggested that they could also form the foundation of standard policies for industry self-regulation. 


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



KLAS Research: Small Hospitals’ Buying Decisions Impacting EMR Market Share

A new KLAS Research report tracks shifts in electronic medical record (EMR) vendor market share among acute care hospitals, and finds that smaller hospitals are seeking technology solutions that meet their needs and limited budgets, and these contracts are making a mark on the EMR market.

Survey: Majority of Providers Predict Success for New Generic Drug Company, Project Rx

Back in January, four health systems, in consultation with the VA, announced a collaboration to develop a new, not-for-profit generic drug company. A survey has found that 90 percent of providers say they would become customers of the new venture.

Personalized Medicine Awareness Low Among U.S. Adults, Survey Finds

Genetics and personalized medicine are not top of mind for the general public in the U.S., according to a recent survey from GenomeWeb and the Personalized Medicine Coalition.

Industry Organizations Praise Senate Passage of VA Mission Act

The U.S. Senate on Wednesday passed, by a vote of 92-5, a major Veterans Affairs (VA) reform bill that includes health IT-related provisions to improve health data exchange between VA healthcare providers and community care providers.

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).