Preventing Medical Identity Theft

Over the past five years, medical identity theft has more than tripled. More than thirty percent of the U.S. population has been affected and this number is expected to rise with the transition to electronic medical records. The healthcare industry has become a prime target for cyberterrorists, and hefty profits are being made from PHI (personal healthcare information) on the black market. Regardless the size of the practice, medical identity theft is a real threat and should be taken seriously by providers and healthcare organizations alike.

Personal medical data is said to be more than ten times as valuable as credit card information, which is why the healthcare industry has been so heavily targeted by hackers. It has such a high value because it contains highly sensitive information such as social security numbers, birth dates, addresses, credit card numbers, telephone numbers, and medical conditions.

It is not only health insurers and hospitals that are at risk for a data breach. Many doctors’ offices, clinics, and outpatient surgery centers have minimal security and limited resources to put protective measures in place. The harsh reality is that when administrators are preparing their annual budgets, funding for additional staff, a new MRI, or piece of medical equipment typically takes precedence over a new data security system.

What can be done to protect patient medical data?

To prevent data theft and protect patients, organizations and practices should make cyber security a priority and invest in implementing quality security solutions, training, and employing the right talent. Increased security actions are necessary such as encryption for laptops and devices, adding firewalls and intrusion prevention for malware, implementing two-factor authentication and adding data loss prevention technologies. Other measures include installing fraud prevention capabilities such as data flagging and a theft response program.

Finally, it is important for organizations and medical practices to build awareness of medical identity theft with staff and educate employees on how to prevent theft and keep patient data secure. In addition, practices should readily offer patients access to their medical records to review for signs of fraud.

How can patients protect their medical information?

Patients can help to protect themselves against medical identity theft by making sure they have a copy of their medical records and review them for accuracy.

  • Review medical records to make sure that all health information is correct such as allergies, medicine, blood type, etc.
  • Review EOBs (Explanation of Benefits) to make sure the services being billed to your health insurance are the correct ones.
  • Keep Medicare or Medicaid documents and Social Security number in a safe place.
  • Do not let anyone use your Medicare or Medicaid identification card, Social Security or insurance plan number.
  • Shred receipts, hospital bills and insurance forms.
  • Destroy the labels on prescription bottles.
  • Do not share personal information unless you know why someone needs it and how the information will be kept safe.
  • Do not share your Social Security number or insurance plans numbers by phone or email unless you know the company.
  • Review medical bills and insurance statements carefully.
  • Monitor credit regularly.