E-Health Initiatives Could Lead To New Forms Of ID Theft

ID thieves can use stolen identities to obtain drugs, treatment, and even surgery, leaving their victims not just in debt, but also with false records at hospitals, doctor offices, pharmacies, and insurance companies.
Part of the problem is a gap in the law. While the Fair Credit Reporting Act allows individuals to make corrections to their credit histories, the Health Insurance Portability and Accountability Act of 1996 gives no similar authority for medical files.

"In some cases, you can put in a rebuttal, but to get an absolute deletion of every mistake in your file, it doesn't happen," Dixon says. "It's almost impossible. You can get an amendment of records, but it's hard work; it takes years."

The Federal Trade Commission has received 19,428 complaints of medical identity theft since 1992, when it began recording such complaints. The World Privacy Forum report estimates that at least 250,000 to 500,000 individuals have been victims of this crime.

That compares to 8.9 million of U.S. adults who were victims of identity fraud in 2005, according to Javelin Strategy & Research, which compiles the most widely accepted survey.

Neither the Federal Trade Commission, which has studied financial identity theft but not incidents related to medical information, nor the Department of Health and Human Services has published a study on medical identity theft.

Evan Hendricks, editor and publisher of the Privacy Times newsletter and author of the book "Credit Scores and Credit Reports" says no authorized government agency or industry group - whether insurance agencies, medical providers, or hospitals - has looked into the problem. "There should be a more concerted effort to get a handle on the problem. There's every reason to believe it's even worse than we know."

The government may actually make the problem worse if it continues with its proposal to store digital copies of patient medical files on a National Health Information Network that hospitals, insurers, doctors, and others could potentially access.

That will increase the risks to patient privacy and the security of their records. "There is no indication at this time that the network is being constructed with a specific acknowledgement of medical identity theft," Dixon writes in the report.

Another wrench in fighting medical identity theft is that often the crime is committed by the very same people who provide care. The report named doctors, nurses, billing specialists and administrative employees as having taken part in the crime when it said that "medical identity theft is deeply entrenched in the health care system."

That's why security of patient data for the National Health Information Network is so important. "How do you secure a million identities if the doctor, the person inside the system, is stealing the data?" Dixon asks. "It would be really tough to walk about of a medical office with a million paper files in your hand, but it's really easy to walk out with a million files on a disk."

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing