Imagine going to the doctor’s office for a checkup and finding procedures or prescriptions in your medical record that were a surprise to you. Just as with financial identity theft, an increasing number of Americans are finding themselves the victims of medical identity fraud, as thieves steal their health-insurance number, Social Security number and other personal information and resell them on the black market for use by other people.
Studies conducted by the Ponemon Institute (www.ponemon.org) indicate that the number of medical identity theft victims in the United States has grown from an estimated 1.4 million in 2010 to more than 1.8 million in 2012. Now a nonprofit public-private sector organization is being formed to unite stakeholders to develop best practices, solutions, and technologies for the prevention, detection and remediation of medical identity theft and fraud. Founding members of the Medical Identity Fraud Alliance (MIFA) (www.medidfraud.org) include ID Experts, the Identity Theft Resource Center, the National Health Care Anti-Fraud Association, the BlueCross BlueShield Association, the Consumer Federation of America and AARP.
Robin Slade, one of MIFA’s development directors, says the digitization of protected health information and access by business associates has made patient records more vulnerable to data breaches. MIFA’sfounders saw a need for a coordinated effort from providers, payers, policymakers and service providers to address the problem, she adds.
Both Slade and co-development director Bill Barr have extensive experience in financial sector fraud prevention. She says the medical field can learn from the experiences of the financial sector. “We see a direct correlation to what the financial sector went through when e-commerce developed,” she says. “We have an opportunity to learn from that experience. One thing the financial services companies realized is that fraud is not a competitive issue, and they cooperated on combatting it.”
A MIFA white paper notes that the credit card industry first developed sophisticated analytics and began sharing fraud data to stop credit card fraud. The companies also began calling customers about transactions flagged by the analytics, which raised the visibility of the problem with the public.
“There is a lot of value in getting parties together to get information out to chief information security officers about specific threats,” Barr says. “Technology use in ID authentication and fraud prevention in healthcare is still in a primitive state. It will help to have a conversation that includes policymakers on steps we can take to move forward.”
The white paper suggests that innovative technology solutions might help:
• provide better authentication of the identities of individuals requesting healthcare services;
• provide for greater security and privacy of an individual’s healthcare records as they are transmitted throughout the healthcare ecosystem; and
• provide a means for victims of a PHI breach to monitor and protect their medical identities.