From the June 2014 issue of Investment Advisor • Subscribe!

Critical Care: The Far-Reaching Effects of Medical Identity Theft

Medical identity theft is something that can affect your clients, their medical coverage and their lives

Did you know? You can earn continuing education credits by answering questions about this article.

Start earning credits
Medical identity theft isn't just expensive--it could cost your clients their lives. Medical identity theft isn't just expensive--it could cost your clients their lives.

The words “identity theft” conjure up a pretty frightening picture. However, medical identity theft can not only threaten your clients’ financial well-being, but their lives as well.

Surprisingly, most people seem unaware of the ramifications of medical identity theft, despite the fact that its effects can be considerably farther-reaching than conventional identity theft, up to and including threatening the victim's very life.

Think that's an exaggeration? If someone steals your medical identity, you could be left with a denial of coverage because you’ve supposedly exceeded maximum benefits for the year. You could be denied coverage altogether because your medical records indicate a condition you don't even have.

Your records could say your blood type is B+ when it's actually A-, that you have no allergies when you’re deathly allergic to sulfa drugs, or that the appendix that has just burst and is turning your insides septic has already been removed. These are not errors you want to encounter in the emergency room.

Medical identity theft is growing faster than conventional identity theft, according to the Identity Theft Resource Center. Around 1.84 million people were hit with medical identity theft in 2013—that's up 19% from 2012. Forty-three percent of data breaches that ITRC captured and categorized fall into the medical category.

And the numbers are still on the rise. The latest survey on patient privacy and data security from the Ponemon Institute shows that health care providers have suffered 100% more cyberattacks since 2010, despite an increase in measures designed to prevent them.

If someone steals your credit card, legally you’re only on the hook for $50—and that's if the credit card company doesn't waive that $50, which most do. There's no such protection in medical identity theft. Ponemon's fourth annual survey on medical identity theft found that victims spent an average of $18,660 “to restore their medical identity,” which included paying bills that weren't theirs; paying for medical services because their coverage had lapsed thanks to the theft; and paying for identity protection, legal counsel and credit reporting to straighten out the mess.

There were other effects, too. Misdiagnoses because of inaccuracies in health records were reported by 15% of survey respondents; 14% reported a delay in medical treatment because of inaccuracies; and 13% reported that their illnesses were mistreated because of inaccuracies. Thirty-nine percent actually lost their health insurance.

Not only that, but the average time to clear up the mess was longer than a year—getting medical records straightened out isn't as simple as notifying credit reporting agencies.

But wait; there's more. Doctors whose information is stolen could be on the hook for substantial sums, not to mention legal action and loss of patients. Scammers with stolen records have falsely billed insurance companies and Medicare and Medicaid for millions.

Ponemon's study said that security measures are sadly lacking in the offices of doctors and medical firms. They are legally required to safeguard patient information, of course, and if that information is stolen, they could be liable for the theft and fined or even subjected to legal action. But allowing staff to use their own devices to access patient data is not only common, most medical firms do not even require that antivirus and other security software be installed on those devices before they’re used to tap into office systems.

How happy will patients be to remain with a doctor who's responsible for their information being sold to the highest bidder on the Internet?

Then there's the matter of doctors’ own identities being stolen. The IRS could come looking for them for unreported income, even if that income went to an identity thief.

The FTC website offers useful information for health care providers and health plans, and patients can learn a lot about what they can do at the same site. There's more at the Centers for Medicare & Medicaid Services and the World Privacy Forum websites, and providers of identity theft coverage will have additional helpful suggestions.

During that next office visit, it might be time for a medical checkup.

Page 1 of 2
Single page view Reprints Discuss this story
This is where the comments go.