Little Recourse-So Far
The WPF report notes that identity theft is deeply entrenched in the health care system, and that victims ought to have recourse in the form of a right to correct errors, remove false information, and receive one free copy of their medical record each year. Patients also should be informed of breaches in their records as soon as they occur.
Explore This Issue
May 2007The report recommended that:
- Studies be conducted to determine the incidence and nature of the crime in order to prevent and counteract it.
- Patients have expanded rights to their own health information in its various medical and financial forms.
- Patients should be informed about errors and allowed to correct them-in all iterations of the record.
- When patients have been victimized, they should have adequate legal and monetary recourse-equal at least to the protections offered to victims of financial identity theft.
In addition, public and private health insurers should send each beneficiary a free annual listing of all paid claims.
Mr. Long agreed: We need to devise a multiplicity of solutions: physical security of medical data, photo ID at the point where care is provided, and automated auditing of medical records.
He noted that some doctor’s offices, hospitals, and HMOs have begun to ask patients for identification such as a drivers license or Social Security number. Still, considering how easy it is to buy a fake license, this isn’t much extra protection.
Until there are strong laws, accompanied by strong enforcement and effective technology, Mr. Long said, things are unlikely to improve.
Medical Identity Theft Survey
A survey commissioned by Kurt Long’s company, EpicTide, conducted in November 2006, revealed that, despite increasing media reports, the public has little appreciation of how widespread and dangerous medical identity theft is.
The survey sought to find out if consumers are aware of the phenomenon, what the incidence is, how well they understand their rights before and after they have been victimized, and how well the health care system protects their records and ensures their safety.
Among the findings:
- Nearly half of respondents had never heard of medical identity theft and were mostly unaware of its serious consequences.
- But when the consequences were described, consumers’ top three fears were the risk to life and health, loss of privacy and confidentiality, and changes in their medical records.
- Several respondents had been victimized, and the majority had yet to resolve all the ensuing problems.
- Most victims did not know the perpetrator, but 18% of them had been victimized by a family member.
- Consumers are confused about privacy rights, and only 53% had been asked to sign a HIPAA notice at the point of medical service (most didn’t read it).
- Respondents believe almost unanimously that health care providers and organizations are responsible for protecting their medical privacy, but only 40% think that this is being done.
- Even fewer-only 30%-believe that hospitals inform potential victims of suspected breaches of medical record security.
©2007 The Triological Society