Cyber Access Control | MFA Enterprise Password Management | Access Smart

The Growing Threat of Medical Identity Theft

I have been following a very disturbing trend for a couple of months now, and it is that of Medical Identity Theft. When we think of identity theft, we typically worry about credit cards or store credit being taken out in our name. Somebody attempting to purchase a vehicle or finance a mortgage using our personal identity. What we don’t really think about however is medical identity theft.

According to a recent article in MedPage Today, nearly four out of ten doctors surveyed by the accounting firm PriceWaterhouseCoopers are reporting that they have caught a patient attempting to use someone else’s identity in order to obtain healthcare services.

While common theft account for 66% of the publicly reported security breaches documented since 2009 — stolen laptops, stolen smartphones, using patient data to submit fraudulent claims, and of course, people seeking care using other people’s information. However, the single most commonly reported breach was improper use of patient data by a employee of any institution or office that handles patient information.  The list is extensive. Doctors offices. Dentists offices. Hospitals. Insurance companies, etc.

In 2011 the Ponemon Institute, sponsored by Experian ProtectMyID, released their second annual National Study on Medical Identity Theft. The study concluded that roughly 1.5 million Americans are victims of medical identity theft. And, according to the study, the average cost to resolve a case of medical identity theft is $20,663 (or over $200 per record), up from $20,160 in 2010.

“While credit card data will earn a few dollars on the black market, medical and medical insurance account information can sell for hundreds,” says Robbie Higgins, VP of security services at IT solution provider GlassHouse Technologies. Mr. Higgins also goes on to explain “While credit cards, banks, and financial services firms have systems highly tuned to spot fraudulent transactions, the same isn’t true for health care services. “They’re much less mature when it comes to their ability to spot fraudulent transactions,” he says.

Watching this trend has made me wonder just how much personal information we have to give our medical practitioners. Frankly, it is always a good ideal to give out your Social Security number only when absolutely necessary. Some places simply must have that number (for example, your bank or your employer need that information to report tax information. Credit grantors need that information to obtain a credit report). However, sometimes it is collected merely as a convenience. Whenever you are asked for your Social Security number, find out why it is needed, how it is going to be used, how it is protected and what will happen if you don’t provide it. A company or doctors office may tell you that it can’t do business with you unless you provide your number, but at least you will be making an informed choice.

If you don’t want to turn over your social security number to office personnel that ask for it, or write it on the form they give you, then here are a few ways you may be able to wrangle your way out of that requirement:

  • Offer to pay cash for the service.
  • Offer to provide s portion of your SSN – perhaps the last four digits.
  • Ask for the office manager and find out what their intent is for collecting the SSN. If they tell you they are required by some entity to collect it, then ask what entity expects that.
  • Understand that you may be at risk of being rejected as a patient if you simply refuse a doctor’s office staff member who is adamant. In that case, you may be better off looking for a new doctor anyway.