Citing the growing number of data breaches at healthcare organizations, four U.S. Senators are asking the Department of Health and Human Services (HHS) what the agency is doing to mitigate medical identity theft.
The letter, which is addressed to Andy Slavitt, acting administrator for Centers for Medicare and Medicaid Services (CMS) and Jocelyn Samuels, director of the Office of Civil Rights, both within HHS, calls attention to major recent cyberattacks such as Anthem, Premera Blue Cross, CareFirst BlueCross BlueShield, Excellus BlueCross BlueShield and UCLA Health System, which affected up to 105 million people. In the letter, the Senators state that sizeable and damaging breaches continue as a result of traditional threats, including unauthorized access and disclosure and loss or theft of laptops.
The authors of the letter are Lamar Alexander, chairman on the Senate Committee on Health, Education, Labor and Pensions, Orrin Hatch, chairman on the Senate Committee on Finance, Patty Murray, ranking member of the Senate Committee on Health, Education, Labor and Pensions and Ron Wyen, ranking member, Senate Committee on Finance.
“Medical identity theft is a unique crime with consequences for victims that stretch beyond those associated with financial identity theft. To help assess the adequacy of current efforts to mitigate medical identity theft and the resources currently being offered to victims, we respectfully request that you answer the following questions by November 24, 2015,” the letter states.
In the letter, the Senators question what services CMS offers to Medicare and Medicaid beneficiaries who suspect they are victims of medical identity theft and how long individuals who report identity theft to CMS have to wait for a response as well as how OMR and CMR tracks reported cases of medical identity theft and how recent breaches at healthcare organizations effect the Medicare and Medicaid programs.
Data security is a growing concern with the public and healthcare providers. According to an Accenture report, healthcare providers stand to lose $305 billion in patient revenue over the next five years due to the impact of cybersecurity attacks.
