Medical identity theft and fraud statistics are alarming-and will be even more worrisome with the recent breach at Anthem Inc., yet they fail to put a human face on the crime. It’s one thing to say that medical identity theft cases increased 19 percent between 2012 and 2013 (according to Ponemon Institute’s 2013 Study on Medical Identity Theft, sponsored by the Medical Identity Fraud Alliance). It’s quite another to learn that 53 percent of victims believe their health-care provider’s negligence either caused or contributed to the theft.
The 2014 iteration of Ponemon’s research,the fifth annual Study on Medical Identity Theft, delves into how the crime affects the victims, how they believe it happened and how it makes them feel about the health-care organizations involved in the identity theft. With the Identity Theft Resource Center reporting that to date in 2014, 317 health-care data breaches have exposed more than 8 million consumer records, it’s vital that health-care organizations understand the toll medical identity theft exacts from the victims.
How does medical identity theft happen?
While you may think of identity theft as something perpetrated by a shadowy, opportunistic stranger who acts without the victim’s knowledge, the reality is far closer to home for most victims. Of the medical identity theft victims Ponemon interviewed, 24 percent said a family member took the victim’s personal information or medical credentials without the individual’s consent, and another 23 percent had willingly shared their information with someone they knew and trusted.
In 59 percent of cases, the identity thieves used stolen information to fraudulently obtain health-care services or treatments, prescription medications, medical equipment or government benefits. Just 23 percent of victims said the thieves used their information to access the victims’ health records, and only 14 percent had fraudulent credit accounts opened in their names.
Who do victims blame?
While the manner in which medical identity theft occurs is relevant for any health-care organization, how victims feel about it – and who they hold responsible – is even more critical. Although nearly a quarter of the surveyed victims admitted to acting in a way that led to the medical identity theft (by willingly sharing their information), they see culpability elsewhere.
Fifty-three percent believed that negligence on the part of their health-care provider was a contributing factor in the theft, and 30 percent were unsure. Fifty-five percent either strongly agreed (23 percent) or agreed (32 percent) that the Affordable Care Act would increase their chances of becoming a victim of medical identity theft.
How does this impact health-care organizations?
The impact on victims is undeniable, and ranges from embarrassment and reputational damage to financial loss ($13,453.38 on average), denial of valid claims and even loss of their health insurance. For health-care organizations, the impact can seem more amorphous, affecting how consumers perceive them. Yet negative consumer perception can directly impact an organization’s bottom line and its ability to remain in business. Among its many financial and emotional damages, medical identity theft erodes the relationship between patient and provider.
Eighty-five percent of medical identity theft victims said the incident affected their confidence and trust (35 percent) or significantly affected their confidence and trust (50 percent) in their health-care providers. Just 15 percent felt it had no impact.
Still, the door is open for health-care organizations to retain consumer trust. Less than half of those surveyed said the loss or theft of their medical records would prompt them to change health-care providers.