Medical Identity Theft in Healthcare Organizations and How to Prevent It

by | Last updated Oct 11, 2023 | Published on Nov 27, 2017 | Data Entry Services

Medical Identity TheftMedical identity theft is when someone steals or uses your personal information (like your name, Social Security number, or Medicare number) to submit fraudulent claims to Medicare and other health insurers without your authorization. This makes processes such as medical data entry risk-prone and sensitive. Medical data can be compromised in-house or to outside entities. When utilizing documentation services and other in-house or outsourced solutions, you need to be extra cautious and have adequate security measures in place.

Medical data theft usually occurs following

  • an offer of free medical equipment or services followed by a request for a Medicare number
  • a request from a friend, relative, or stranger to borrow or pay to use a Medicare card or other identity card, or
  • a telephone survey that asks for a Medicare number

To fight such identity thefts, Medicare will be mailing every beneficiary a new card with a unique new number to identify them. Known as Social Security Number Removal Initiative (SSNRI), this mission will begin by April 2018 and end on December 31, 2019.

According to a February 2017 survey from Accenture, one in four U.S. consumers (26 percent) have had their personal medical information stolen from technology systems. The findings show that half (50 percent) of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average. It was found that the breaches were most likely to occur in hospitals, followed by urgent-care clinics (22 percent), pharmacies (22 percent), physician’s offices (21 percent) and health insurers (21 percent).

What Goes Wrong If Patient ID Is Not Protected? reports the case of a former clinic employee, who was accused of stealing patients’ information and used one of the victims’ identity to rent a car. The accused is thought to have stolen the medical records of 10 patients of Atlanta Asthma and Allergy where she worked.

BizTimes reports that confidential information of about 9,500 patients was compromised in a phishing attack on the Medical College of Wisconsin’s email system, during the period July 21-28, 2017. The compromised email accounts contained one or more of the following: names, home addresses, dates of birth, medical record numbers, health insurance information, dates of service, surgical information, diagnosis/condition and treatment information.

Button image

Business Examiner reports that the Department of Social and Health Services’ Behavioral Health Administration has confirmed that an employee at Western State Hospital had sent a spreadsheet containing private information of 515 patients to an incorrect email address. Personal health information such as names, admission dates to Western State Hospital, the Western State Hospital medical record number, date of birth as well as specific diagnosis of infection were included on the spreadsheet.

WKBW reports the case of an Orchard Park doctor, who has been arrested after being accused of getting drugs through fraud and identity theft. This doctor had fraudulently used the names of dozens of patients, both dead and alive, to obtain controlled substances.

Healthcare Organizations

Protect Patient Data from Identity Theft

Patient healthcare records contain a wealth of personal and financial information, from Social Security numbers and birth dates to credit card and bank account numbers, making it valuable to commit fraud.

Every hospital needs to be aware of and prepared to prevent such thefts and ultimately reduce your hospital’s risk. These steps can be helpful.

  • Consider better identity verification based on Equifax, Experian, TransUnion and LexisNexis identity verification and knowledge-based authentication.
  • Invest in the right health IT solution and secure storage options to ensure the safety of patient information.
  • Educate patients about medical identity theft, as many cases of fraud could be prevented if patients paid closer attention to their records and statements.
  • Hospital staff should also be trained to identify any errors that could signal fraud during patient interactions and when processing paperwork.
  • Never store unnecessary patient details. Outdated or unused medical information should be disposed of in a responsible manner. When no longer needed, shred documents containing personal information.

Strict data security measures should be followed to keep PHI safe. Healthcare firms considering data entry outsourcing should make sure to choose a partner that adheres to HIPAA guidelines.

Recent Posts

The Future of Real Estate Data Entry  Outsourcing: Trends to Watch

The Future of Real Estate Data Entry Outsourcing: Trends to Watch

Recently, we had a popular property management company call us up to inquire about our real estate data entry services. They were facing some challenges with handling data in-house and wanted a customized solution that would work for them. It’s not surprising,...

The Importance of Big Data in the Banking and Finance Sector

The Importance of Big Data in the Banking and Finance Sector

Business organizations have huge volumes of data and they need to use efficient methods to turn their data into usable, digitized information. Big Data includes both structured and unstructured information. According to Gartner, big data refers to information assets...

Choosing the Right CRM Data Entry Outsourcing Partner: Key Considerations

Choosing the Right CRM Data Entry Outsourcing Partner: Key Considerations

Customer relationship management or CRM solutions are used by businesses of all sizes these days. CRM software facilitates the management of orders, issues, and customer data. Additionally, it can offer behavior insight that companies can use to grow. Entering data...

Share This