While the digitization of healthcare records has been well-intentioned, it has also created an unintended consequence: medical identity theft. In 2014, the Medical Identity Fraud Alliance found that incidences of medical identity theft had nearly doubled since a similar study was conducted five years prior. In light of this finding, it’s crucial that patients and providers learn more about this new phenomenon and how to protect themselves. Here are some ways to achieve that goal.
What is Medical Identify Theft?
Much like financial identity theft, medical identity theft is a growing threat, particularly when someone’s name, medical records and/or insurance information becomes compromised and is used illegally to obtain medical treatment, drugs or surgery.
Furthermore, the consequences of medical identity theft can be extremely damaging and difficult to correct. Victims of medical identity theft may end up with an inaccurate medical history, receive bills for medical services they did not receive, be denied insurance coverage or even be called by a debt collector for unexplained debts they did not incur.
Secure technology solutions are the leading financial investments among healthcare providers to detect medical identity theft. Along with secure IT, providers should implement a “red flag” system to identify duplicate demographic details and document suspicious behavior, like patients refusing to provide a photo ID.
Providers should also encourage patients to help detect medical identity fraud by carefully monitoring their own personal medical bills, insurance statements, credit reports and explanation of benefits for anything out of the ordinary.
Sophisticated data encryption and smart card technology can help prevent medical identity theft by ensuring that only authorized providers are accessing digital patient information. Along with these measures, providers should implement and train employees in best practices for handling and disposing of confidential patient information.
Likewise, patients can help protect themselves from medical identity theft by practicing safe online behavior, such as safeguarding their passwords to patient health portals and using hack-resistant devices. for example, the iPhone 7 is nearly impossible for hackers to access if security features are up to date and utilized. Even the FBI struggled to gain access into one.
Notifying the Patient
If a patient claims he or she has been the victim of medical identity theft, the provider should conduct an immediate and thorough investigation. If it’s determined identity theft occurred, providers must notify the patient and help to correct the record in question.
After the initial notification, providers should advise the patient on how to obtain copies of their medical and billing records (including any fees) to identify the impact of the theft and determine a resolution. Patients can also request a free accounting of disclosures each year, which would include any faxes or emails releasing patient information based on an invalid authorization.
Healthcare providers should review the patient’s records for services performed, any supporting documentation of a patient’s identity and any possible inconsistencies. Then, the victim’s record should be corrected. In addition, providers should contact everyone who had access to the patient’s medical or billing records, such as labs or other care providers, so they can correct any inaccuracies. Providers should also review their obligations under the Fair Credit Reporting Act before reporting any debts to credit reporting companies.
Finally, patients have the right to dispute inaccurate information in their medical records and have their records corrected. They should then file a report with the FTC, local police, their healthcare plan’s fraud department and the three nationwide credit reporting companies. If the dispute is not resolved, an explanation of the dispute can be put in the patient’s medical record.