Written by Duncan West
There are a number of recent online articles and posts in the health industry and general media about loss of electronic health identities. MIN-NS takes security very seriously both operationally and as a topic of concern for our growing base of subscribers.
Clearly, electronic medical records are much more likely to be the target of hacks and attacks than file rooms full of paper charts. How can community medical records help prevent fraud and reduce the value of stolen medical records? More about that after the links.
- In an article about Chinese hackers breaching Community Health Systems network for 4.5 million patient records the NY Times noted that stolen health credentials are worth $10 each. The primary use of stolen medical identities is Medicare fraud.
In June of this year, Fierce Health Payer cited the value of a basic health identity as $20, and a complete identity with cards for identity, insurance and credit going for $1,500.
This breach was covered here in a previous post which quoted the value of a medical identity as $50 to $250.
- An October article in Fortune magazine noted that in the last five years, breaches of medical data have quadrupled. The article cites the fragmentation of medical records as making fraud more possible. It also cites the completeness of the records as allowing multiple resale of the information for various credit, healthcare, and identity theft sales. No dollar value assigned.
- An August article in Fortune magazine noted several causes of medical identity theft. Included were third party hacking, loss of an unencrypted mobile device, employee error and “Robin Hood fraud.” The latter is sharing health insurance information with a friend or relative so they can receive care.
The Fortune articles cite a 2013 Ponemon Institute report (available here after registration) that surveyed victims of medical identity theft. Almost 60% of that group had their medical identity used by a family member or friend. Thirty per cent of the surveyed group, or just over half the family and friend group had voluntarily shared their medical identity.
So, medical identities have value for identity and credit theft purposes and as a means of receiving health care fraudulently. It is in the prevention of fraudulent use of a medical identity that HIEs such as MIN-NS can help. We provide a line of defense when a provider suspects identity theft from a first time patient. A check of the community medical record can show that the 5 foot 8 male who presents was seen 6 months ago as a 6 foot male with an obvious scar on his face.
Conversely, when a medical identity is stolen the HIE can supply records from other providers which show that the 'real' patient is allergic to penicillin even when the local records of the imposter patient do not reflect that allergy
Health information security is not just protecting patient privacy, or a means of avoiding breach penalties. Both are important, however patient lives can be at stake when the stolen or shared identity is used to receive care.