Tuesday, February 10, 2009

Medical Identity Theft

I just want to weigh in on this for a moment. There are reams of new data on medical identity theft as the nation is just beginning to come to terms with medical identity theft. Just a short couple of years ago it was hard to convince anyone that this kind of identity theft was a problem. National magazines published articles essentially denying the existence of medical identify theft as a plausible threat. Now we can see from new FTC research that there have been approximately 480,000 medical identity theft victims in 2008. That is roughly 6% of the aproximately 8 million identity theft victims for the year. The victims fall into two basic categories. Those who report new medical insurance accounts were opened in their name, and those who report that medical care was administered to unknown persons in their name.
That is a problem.

We do have legislation aimed at protecting your personal medical information. HIPAA, http://www.cms.hhs.gov/hipaaGenInfo/ the (Health Insurance Portability and Accountability Act) passed in 1996 mandates significant changes in the legal and regulatory environments governing the provision of health benefits, the delivery and payment of health care services, and the security and confidentiality of individually identifiable, protected health information. HIPAA is sweeping in scope and also very complex.
I am happy to say that for the most part health organizations such as hospitals, medical groups, clinics, and others have done remarkably well in addressing the requirements. Corporations and businesses that have health plans, and so called "cafeteria" style benefits plans have also done the heavy lifting regarding compliance procedures to protect this type of data, as have medical insurance groups.

Why then is medical identity theft on the rise? There are two things that come to mind. As our economy slips further and more people find themselves in financial troubles, stealing and selling sensitive information with little or no chance of being caught looks pretty lucrative. We can expect that to continue to be on the increase. Estimates are that all forms of identity theft combined are expected to increase by as much as 20 times within the next 12 to 18 months. That is part of what makes the second reason even more compelling. Just as much information is lost by simple forgetful acts and a lack of understanding of the risks as there are outright thefts. Also what is missing is the component that ties all of the privacy requirements addressed in HIPAA together with a general awareness of medical identity theft. That is identity theft training of the employees of these institutions charged with protecting health information. No compliance program can call itself complete and effective without training. A good understanding of the various forms of identity theft and how they affect all of us is a key aspect in reducing this criminal epidemic. It is imperative to empower the medical, payroll, records keeping, and human resources staff with a solid background. How they can respond to identity theft threats, and how to mitigate their own risk along with that of the patients and clients they serve. There is simply no substitute for training, and most importantly training in person where there is discussion and not simply a check-off list for compliance purposes. Discussion prompts interaction which will raise participation and a deeper retention of the information. Catchy huh? After all we want to stop identity theft if we can, not simply comply with an abstract law.

"When we protect the information we hold on others we are protecting them, when others do it they are protecting us."

No comments: