Tuesday, February 11, 2014

Medical identity theft increasing; survey says 43% of leaks involve medical records

Modern technology has brought about an increase in identity theft and lately in a particularly dangerous form: medical identity theft. According to a survey conducted by the Identity Theft Resource Center, 43 percent of all record breaches in personal information in 2013 involved health records . That's more than those involved with banking and finance, education, the government and the military, Michael Ollove writes for Stateline.

Medical identity theft is deceptively obtaining another person's personal information—such as name, Social Security number and health-insurance number—to get medical services, reimbursements or prescription drugs. "Medical identity theft is a growing and dangerous crime that leaves its victims with little to no recourse for recovery," said Pam Dixon, World Privacy Forum's founder and executive director. "Victims often experience financial repercussions and worse yet, they frequently discover erroneous information has been added to their personal medical files due to the thief's activities."

The Patient Protection and Affordable Care Act has caused even more concern about the privacy of medical information. Some people worry that online marketplaces could compromise confidentiality, and with the increased push for digitized medical records comes questions about the level of security of the computer networks. "Edward Snowden, the former National Security Agency contractor who has disclosed the agency's activities to the media, says the NSA has cracked the encryption used to protect the medical records of millions of Americans," Ollove writes.

According to Sam Imandoust of the Identity Theft Resource Center, thieves can obtain medical information by stealing laptops or hacking into computer networks. "With a click of a few buttons, you might have access to the records of 10,000 patients. Each bit of information can be sold for $10 to $20," he said. Over half of the security breaches result from a stolen electronic device, 20 percent result from a person's obtaining unauthorized access to information or giving it to someone who shouldn't have it and 14 percent result from hacking.

The Health Insurance Portability and Accountability Act and the Health Information Technology Act are the two federal laws that mandate the confidentiality of medical records. A business, institution or provider can be charged between $100 and $50,000 for failing to meet privacy standards, and a person who violates HIPAA could be charged a fine of $50,000 and serve up to a year in prison.

Even if the breach is discovered, that doesn't undo all the damage, Ollove writes. "It's almost impossible to clear up a medical record once medical identity theft has occurred," said James Pyles, a Washington, D.C., lawyer who has dealt with health issues for more than 40 years. "If someone is getting false information into your file, theirs gets laced with yours, and it's impossible to segregate what information is about you and what is about them." The U.S. has "a regulated industry that is saddled with laws with so many loopholes that they don't know what they are responsible for and a public that doesn't believe their health information is being protected." (Read more)

No comments:

Post a Comment