Medical identity theft is on the rise and hackers are being more creative about obtaining personal medical information. In fact, a recent study by researchers at Michigan State University found nearly 1,800 incidences of large data breaches in patient information over a seven-year period from October 2009 to December 2016.
Large health care organizations need to proactively protect themselves and their employees because there is a breach their employees and patients could both be victims. Providing a comprehensive set of services around identity theft protection is a key focus for enterprises everywhere – as an employer you recognize the pains, and the tremendous risks, that your employees are exposed to once they leave the four walls of the office. So, although you have solid security policies and perhaps even have limited their Internet access, your employees are still exposed due to the nature of the digital world we live in.
In the U.S., medical identities are 20 to 50 times more valuable to criminals than financial identities. According to BankRate.com, the average cost for victims of medical identity theft is $22,000 to resolve the crime. And, the impact can go well beyond financial. For example, a fraudster could use your employee's health insurance information to receive services, which could then cause the employee's own medical records to get compromised. This could trigger prescription fraud, inaccurate medical records, and just a massive headache for your employee.
Here are five tips to help your employees protect their medical information:
- Track medical records and check for mistakes. Remember, patients have the right to see their records and have errors corrected. Wrong information not only points toward evidence of identity theft but also has implications around treatment.
- Read medical and insurance statements regularly and completely. These can show warning signs of identity theft. Employees can even ask the insurer for a listing of benefits paid out under the policy at least once a year to further ensure a comprehensive review of any potential fraudulent claims.
- Monitor where and when personal medical information is provided. Whether it's in person, over the phone, or online – always decide if the information is necessary before providing it.
- Keep paper and electronic copies of medical records and health insurance records in a safe place. And, when no longer needed, shred documents containing personal information.
- Look for medical organizations that follow the “Red Flags Rule.” This requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations and take steps to prevent the crime and mitigate its damage.
Cleary medical identity theft is dangerous, and the impact on an organization can be substantial. Employees must resolve any identity theft issues during working hours, which means time away from the office. Therefore, an employer can become an innocent bystander, or even collateral damage.
The costs associated with medical identity theft may be a primary reason why the health care industry and related stakeholders are teaming up to focus on prevention. However, according to Fortune, it is a daunting task: “With so many potential avenues for information to be lost, so many different institutions from which to steal data, and so many ways of perpetrating fraud at other organizations, the industry is a long way from being as impenetrable as the financial services industry.”
There is some good news, though. Protection solutions combatting medical identity theft are becoming more widely known and adopted. Businesses — including health care providers such as hospitals, integrated care payer-providers such as Kaiser Permanente, insurers, credit companies, and digital security companies — formed the Medical Identity Fraud Alliance to help prevent medical identity theft.
