Ponemon Institute Publishes Fifth Annual Study on Medical Identity Theft

Each year the Ponemon Institute conducts an annual survey on victims of medical identity fraud to gain a better understanding of its prevalence and how it impacts on the lives of those affected.

The organization has now completed and published the Fifth Annual Study on Medical Identity Theft which indicates that medical Identity theft has increased by 21.7 percent since 2013.

Medical identity theft is classed as the use of personal information, Social Security numbers and other confidential data to fraudulently obtain products – such as drugs, prescriptions and medical devices – or medical services. It also includes the use of this information to make fraudulent insurance and billing claims.

In the case of credit card fraud, the opportunity for thieves to use stolen information is limited. The theft of credit card numbers is identified very quickly and the cards can be blocked. Credit card limits prevent major losses and victims are covered by insurance and can make claims relatively easily.

Victims of medical identity fraud often do not find out about the theft until many months after a fraud has been committed, such as when they attempt to claim benefits or when they receive a large bill for medical treatment they did not receive. The survey suggests that it takes more than three months for the victim to become aware that a crime has even taken place.

The discovery of a theft is usually only identified when an error is noticed on a medical invoice (33%), a collection letter is received (28%), EOB errors from health insurers are noticed (24%) or mistakes in health records are identified (24%).

The survey data indicate that the average cost of a data breach to the victims – those whose data had been used to obtain benefits, claims or medical services – was $13,453. Resolving the crime and mitigating the damage caused is a lengthy process – calculated to take more than 200 hours of the victims’ time. Only 10% of the respondents surveyed achieved a satisfactory resolution to the crime.

It is not only financial harm that is suffered by the victims. 89% of the victims of medical Identity fraud believe they suffered a negative impact on their reputation, often causing considerable embarrassment by having their medical conditions – present or past – divulged to third parties. Almost a fifth (19%) believed they had missed out on career opportunities as a result while three percent attributed lost employment to the theft.

The huge data breaches which occurred during 2014 made big headlines, although the use of data by friends and family – either with or without consent – to obtain medical products or services accounted for a high proportion of medical identity theft cases.

25% of the respondents knowingly provided their Social Security numbers to friends and relatives to obtain medical services or products, while 24% had their details taken without their consent.

Confidence in healthcare providers’ ability to secure data is low, which is perhaps unsurprising given the huge volume of data breaches that occurred during 2014. 68% of the people surveyed were not confident that their healthcare providers had implemented sufficient measures to protect their data while 53% believed their medical identity theft was the result of negligence on the part of their healthcare provider.

Because of the high cost of medical identity fraud it is essential that healthcare providers, health plans and other HIPAA-covered entities take the appropriate steps to keep data secure and take proactive steps to prevent fraud. The report suggests that they must also give the victims more assistance in dealing with the consequences.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.