Electronic Health Records Could Make Medical Identity Theft Easier
Written by: Michelle Stoffel Huffman | Wed, 01 May 2013 20:35:35 +0000
As health care technologies advance and medical practices make the switch to digital health records, more opportunities are created for criminals to commit identity theft.
More than half of U.S. hospitals today, about 3,700, use some form of electronic health record—a digital version of the traditional paper chart that stores a patient's complete medical history. With the transition to electronic records, health care providers have improved their quality of care and patient outcomes by more easily tracking a patient's medical data.
But the large amount of personal information contained in those electronic medical records could leave patients vulnerable to identity theft or medical insurance fraud. As more records are stored digitally, they become a goldmine for hackers.
Data breaches of protected health information —information that can be linked to a specific person by name, Social Security number, address or birth date—are at epidemic levels, according to Redspin, a leading provider of IT security assessments.
Redspin's 2012 annual breach report, which examined 538 breaches affecting more than 21 million patient records, found that more than half of all breaches involved a business associate—a third-party vendor that required access to health information to provide their own services.
Though the level of medical identity theft and fraud has been low compared to the number of data breaches that have occurred, the risk of identity theft could increase as more records go digital.
"As you move toward getting 85 to 90 percent of patient records in electronic format, all of those [records] become very, very rich targets, and we all have to do a better job at protecting those [records]," says Dan Berger, president and CEO of Redspin.
As more medical organizations adopt electronic health records, Berger says hacking, both from within and outside the organization, could pose a threat.
From September 2009 to April 2013, there were 571 breaches of unsecured protected health information that affected 500 or more individuals, with more than 21.7 million individuals impacted to date, according to data published by the Office for Civil Rights
The majority of breaches were due to theft or loss, and the top locations for these breaches included laptops, desktop computers and portable electronic devices, like smartphones and tablets. Breaches involving paper records also account for many of these cases, says Rachel Seeger of the Office for Civil Rights.
Any data breach of health information, whether digital or paper, could be dangerous for patients because it could expose their personal or health insurance information to identity thieves.
If an identity thief uses your name or health insurance information to receive medical care, the thief's health history could get confused with yours. This could cause problems with your medical treatment, health insurance, payment records and even your credit report.
You may be a victim of medical identity theft if:
- You are billed for medical services you did not receive.
- You are contacted by a debt collector for a medical debt that is not yours.
- You are denied health insurance because of a condition you don't have.
- Unfamiliar medical collection notices appear on your credit report.
- There are mistakes in your medical record.
An identity thief with access to your medical records may have access to a whole host of your personal information. Be sure to take steps to protect your identity soon after you learn you've become a victim in order to keep the theft from spreading to other parts of your financial life.