How to safeguard patient data and prevent medical identity theft

Published: July 23, 2019 by Experian Health

Medical identity theft is a growing problem for the healthcare industry: nearly 15.1 million patient records were compromised in 2018, an increase of nearly 270% on the previous year.

While providers are busy rolling out patient portals and electronic medical records to better serve consumers, criminals are sneaking through the cracks to steal patient data and profit from vulnerable health systems.

The rapid rise in medical identity theft is partly explained by the fact that it goes undetected for much longer than other types of identity theft, giving criminals more time to use stolen personal information for financial gain. It’s also a lot more lucrative. Medical identities can be used to access treatment and drugs, make fraudulent benefits claims and even create fake IDs to buy and sell medical equipment.

This can be devastating for victims, both emotionally and financially. Unlike credit card theft, where victims aren’t considered financially liable, 65% of people who fall prey to medical identity fraudsters are left with hospital bills running into the tens of thousands. The compromised medical record is tough to reconcile, jeopardizing future medical treatment.

For providers, a data breach can mean significant reputational damage and loss of trust, and huge financial consequences – each breach costs an average of $2.2 million.

But what’s most alarming for providers is that more than half of data breaches originate within the organization. Unfortunately, many providers lack sufficient security protocols and detection tools to safeguard the data they’re holding.

The good news is that the tools exist to help you protect your patient data.

What can healthcare providers learn from other industries about identity protection?

Banking and financial services have pioneered identity protection over the last twenty years, and healthcare can learn a lot by looking at what’s worked in those industries.

For consumers, using digital technology to pay your bills, book flights and buy pretty much anything is the norm, all with reassuringly quick fraud detection and resolution.

Healthcare has been a little slower to embrace digitization in this way. Despite the opportunities, fears around security, privacy and inconveniencing patients have stalled efforts to transform outmoded processes.

Drawing on two decades of innovations in other fields, fast-paced technological developments mean many of the early challenges around implementing safe and secure patient portals have been overcome.

6 strategies to keep patient data safe

Here are six smart ways to ensure your organization has done everything possible to safeguard patient data.

  1.     Tell your patients how you’re keeping their data safe

Patient trust is at the heart of a successful patient-provider relationship. Share the steps your organization is taking to secure patient information, so patients feel reassured and confident in using their portal. Data security should be a key strand in your patient engagement messaging.

  1.     Verify patient identities to protect access to medical records

To avoid HIPAA violations, it’s critical to ensure you’re giving access to the right patient. Secure log-in monitoring and device intelligence can help you confirm that the person trying to log in is who they say they are. When something doesn’t add up, identity proofing questions can be triggered to provide an extra check.

In an exciting new development, the healthcare industry is also starting to see the use of biometrics to supplement existing identity-proofing solutions. Just as you might use facial recognition to unlock your smartphone, there are now ways to authenticate your healthcare consumers’ identity using the same technology.

  1.     Automate patient portal enrollment

You want your portal to be as secure as possible, but not at the expense of your patients’ time and effort. An automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.  

  1.     Arm your organization with a multi-layered security strategy

There is no silver bullet for protecting patient information—it will require various tools. A robust data security strategy will be multi-layered, including device recognition, identity proofing and fraud management.

  1.     Educate staff on security threats and warning signs

Data breaches aren’t all malicious – human error is a massive component, from mailing personal data to the wrong patients, to accidentally publishing data on public websites or leaving a laptop behind after getting off the subway. Training staff on the potential pitfalls will help them help you in protecting confidential patient information.

  1.     Develop a robust device strategy

‘Bring Your Own Device’ arrangements (BYOD) are convenient for staff and patients, but personal devices need to be secured when accessing patient information across the network. Make sure your teams, patients and visitors are aware of how to log-on securely to WiFi and follow best practice to keep data safe.

In a climate of ‘doing more with less’, healthcare leaders are turning to other industries to find ways to boost quality of care and streamline operational efficiency. Automation, digitization and consumer-centric approaches make good business sense across the board, but they’re sensible investments for your data security strategy too. Investing in secure patient identities is a way to prevent painful and unnecessary losses down the line – and it’s what patients have come to expect.


Find out what more you could do to shore up your data security and prevent medical identity theft.

Related Posts

This article discusses how healthcare organizations can prevent medical fraud and ensure eligibility integrity.

Published: February 14, 2024 by Experian Health

With support from Experian Health, the Council of State and Territorial Epidemiologists (CSTE) assisted state health departments with tracking...

Published: June 6, 2022 by Experian Health

It's time for healthcare providers to rethink patient access with patient-friendly digital solutions. Read the blog post to learn how.

Published: May 9, 2022 by Experian Health

Subscribe to our blog

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to the Experian Health blog

Get the latest industry news and updates!