By Terry Corbell
The Biz Coach
Why Many Healthcare Workers Are Alarmingly Responsible for Medical ID Theft
Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery, and the data shows it adversely impacted 1.42 million Americans in 2010.
That’s according to a 2011 study by PricewaterhouseCoopers (PwC).
PwC reports medical ID theft aggregately cost more than $28 billion.
“The root cause of the fraudulent use of someone else’s medical identification is that protected medical information is widely dispersed in multiple information systems where it all too often is inadequately secured,” says nationally known security expert, Stan Stahl, Ph.D.
He’s president of Citadel Information Group, Inc. in Los Angeles, and he authoritatively writes about security issues on his blog.
MedPage Today sheds a bright light on the issue in this article: Medical Identity Theft a Growing Problem.
It reported the three most-common identity breaches:
- Employees who act unprofessionally – improper use of patients’ data in doctors’ offices, hospitals, insurance company and life sciences companies. They’ve even been caught posting comments about patients on Facebook.
- Almost 40 percent of hospitals and physicians report they have caught patients using another person’s identity when they seek treatment.
- Twenty-five percent of insurance companies acknowledge the improper transfer of information in patients’ health files. Unauthorized persons viewed such files.
“Every organization that collects or stores personally identifiable medical information – hospitals, doctors, clinics, pharmacies, billing offices, insurance companies, even employers – has a legal and ethical obligation to properly secure that information,” asserts Dr.Stahl.
In public reports, theft was responsible for 66 percent of medical ID breaches in the last two years. The thefts include notebook computers, smartphones, using another person’s personal information for fraudulent claims, and people using others’ names.
More shocking news
Authors of the PwC study indicated most healthcare organizations aren’t equipped to prevent medical ID theft – despite the growing use of information technology in the medical profession.
“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” said James Koenig, director of the Health Information Privacy and Security Practice at PwC in a press statement.
More than 50 percent of the study’s respondents who work for healthcare organizations said they knew of at least one privacy breach since 2009.
“Doctors need to take measures to assure their patients are who they say they are,” recommends Dr. Stahl. “That can include checking referrals.”
What can patients do?
“Patients need to treat their medical information with the same care that they treat their financial information, including periodically checking with their insurance company to identify fraudulent activity,” advises Dr. Stahl.
The PwC study indicated that most healthcare organizations admit they haven’t even begun to adequately deal with privacy and security issues in this digital-information age.
Obviously, as a business-performance consultant, here’s my sense:
- The medical profession should immediately take adequate security precautions.
- All medical employees should undergo privacy-confidentiality sensitivity training.
After all, shouldn’t these precautions be part of medical care?
From the Coach’s Corner, you might consider these security-resource links:
- Security Precautions to Take Following Citibank’s Second Reported Online Breach
- Our Mobile-Banking Warnings about Security Prove Prophetic
- 11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud
“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”
Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.