Vigilance is still the best medicine for avoiding medical identity theft

June 26, 2012 by Michael Bruemmer

The latest Ponemon Institute Medical Identity Theft survey reflects the classic good news, bad news scenario. The good news is that more consumers understand how medical identity theft happens, and the importance of checking healthcare invoices and records for accuracy. The bad news is that the victim count has hit an all-time high (nearly 2 million annually), while breach frequency and financial damages continue
to rise, unabated.

Losses up 44% from 2010

Data extrapolated for 2012 reveals that losses from medical identity theft will top $40 billion, up 34% from last year and 44% from 2010. During any given hour thieves using pilfered credentials will steal nearly $5 million worth of medical services, equipment and prescriptions.

The survey also revealed:

  • Higher costs for recovery and resolution: victims pay on average $22,346
    (up 10% from 2011) to resolve medical identity theft, including the cost of identity theft protection and retaining legal counsel
  • Difficulty knowing when the crime occurred: one quarter of those asked did not know when their medical identity was stolen, while 34% said it took more than a year to find out
  • Collection letters still top the list: though more consumers learn of medical identity theft from suspicious statement or invoice entries, nearly 40% of victims first hear of their misfortune through collection letters

In a subtle but potentially instructive revelation, just 4% of survey respondents said a healthcare provider or insurance company notified them of the theft.

Providers beware

So how is all this flavoring consumers’ attitudes toward healthcare and insurance providers? The biggest non-financial consequence, according to Ponemon, is a loss of trust and confidence. If people perceive a lack of effective data safeguards, most (58%) feel no compunction about going elsewhere for services. If their medical records were ever lost or stolen 56% of respondents would also feel justified making a change.

Watch the vital signs

The top three actions desired by victims following medical identity theft include: reimbursement for the costs of changing providers; prompt notification of the loss or theft; and free identity theft protection for at least one year. (Hint: Providers can use these survey insights to develop post-breach strategies and programs aimed at reestablishing trust and confidence.)

Employers can also play a role in medical identity theft awareness by encouraging (and if needed, teaching) employees how to:

  • Keep medical information private
  • Regularly check medical records for accuracy (57% of those surveyed don’t)
  • Be more proactive about monitoring statements and charges
  • Review and interpret credit reports
  • Engage an identity theft protection service

Bottom line? When it comes to medical identity theft, vigilance is good medicine–for consumers and healthcare providers alike.

[dropshadowbox align=”none” effect=”lifted-both” width=”600px” height=”” background_color=”#ffffff” border_width=”1″ border_color=”#dddddd” ]Webinar Download: Healthcare Information Security Today conducted a survey to provide an in-dpeth assessment of the effectiveness of data protection efforts. View Now! [/dropshadowbox]