Medical ID Theft: A Crime Without A Cure?

June 24, 2011
In this week's issue of BNA's Privacy and Security Law Report, it is reported  that a California advisory group is struggling to develop

In this week's issue of BNA's Privacy and Security Law Report, it is reported that a California advisory group is struggling to develop recommendations for combating the growing crime of medical identity theft. As a member of that advisory group, I can attest that the issues are indeed difficult and highlight why the health care industry is likely to be plagued by this new form of crime in coming years.

As noted in one of my earlier postings, California passed a new law, A.B. 1298, that took effect on January 1 of this year, expanding the state's security breach notification law to apply to "medical information" and "health insurance information." One of the primary objectives of this new law was to fight medical identity theft. Medical ID theft occurs when someone uses a person's name, along with other pieces of information, such as insurance ID number, to obtain medical services or goods, or uses the person's identity to submit false claims for medical services. One of the most damaging aspects of medical identity theft is that it can result in erroneous entries in a person's medical record.

The California Office of Privacy Protection ("COPP") convened a 16-member advisory group to update the document "Recommended Practices on Notice of Security Breach Involving Personal Information," most recently updated in February 2007. The update was to reflect recommended practices to deal with medical ID theft in the wake of A.B. 1298. The problem is that it's difficult to identify practices that will actually prevent this insidious new crime.

For example, a victim of financial identity theft can place a security freeze on their credit report through the three major consumer reporting agencies. There is no such centralized method for blocking medical identity theft when your medical information is disclosed in a security breach. Some have suggested that health plans should somehow flag the files of a possible victim of medical ID theft. Health plans respond that there is no available mechanism for placing such an alert or "red flag" on an individual's file. Moreover, even if such a mechanism existed, it would only be effective when a claim for services is submitted to the plan, long after the medical theft has already been committed in a hospital or physician's office. Medical ID theft is a growing crime, with the Federal Trade Commission reporting approximately 250,000 cases in 2005 alone. For now, though, it appears to be a crime without a cure. Given the difficulty of these issues, it should be no surprise it is taking a few drafts for the COPP advisory group to develop its recommended practices document.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?