Dale Penn

Part 3 of 3

A Prescription to Prevent Prying Eyes

Your doctor’s office, clinic or hospital are clearly in the bulls-eye when it comes to being targeted by predatory identity thieves. Insurance company records are under attack as well. Many of the bad guys are on the outside trying to get in to databases and files, but unfortunately many culprits are on the inside and can’t resist the temptation to pry or steal.

Sadly, the market demand for our most private health-related information is quite high and therefore tempting for those inclined to take advantage of their to access to our most private health matters.

Privacy experts, attorneys and fraud investigators have their hands full battling fraud and theft on these fronts. As I mentioned a couple of posts ago, the FTC reported in a recent survey that 3 percent of U.S. identity crime victims (250,000 people) had some form of their personal information used to obtain either medical services or false insurance claims payments.

If your company is in the habit of searching for the best value in medical benefits for employees, there is a good chance that they will make a switch to a new provider for “better benefits”. While that could be good for the company’s bottom line, your medical history has now been replicated in a new place and “abandoned” in another. These realities of the health care landscape make vigilance a necessity.

The Washington Post reported earlier this month about a peer to peer data breach that involved the medical records of at least 1000 patients at Walter Reed Army Medical Center. In many cases, breaches are caused by the careless downloading of file sharing or peer to peer (P2P) software by careless employees at work.

Leading the way again, California passed legislation this year requiring notification when consumers’ medical information is “improperly accessed”. Only Arkansas has passed similar legislation and the topic is now being debated in Congress.

Here are 10 ways you can protect your medical history, your records and your health.

• Limit your authorization for release of medical records to anyone unless it is an absolute necessity.
• Inspect all your insurance statements for accuracy and the absence of any discrepancies.
• Put your shredder (cross cut) to work on any health or medical documents that you may discard.
• Ask for and inspect your medical records or statements for any benefits which may have been paid for under your name, but not received.
• Monitor your credit report for any collection notices filed by medical providers.
• While not always easy, make a serious attempt to correct any inaccuracies in your medical records.
• File a police report if your information is stolen.
• Read and digest the privacy statements of all your medical providers and request copies for your records.
• Remember that your medical records are just as vulnerable as other sensitive documents. Keep them out of reach and out of sight.
• According to the Identity Theft Resource Center, if you are a Medicare patient, you should make a photocopy of your Medicare card and carry a wallet sized version with only the last 4 digits of your Social Security number showing. The original should be locked away. The name and contact information of a trusted person should be included in your wallet. This medical contact person should have on hand the following information: the last 4 numbers of your SSN, your pertinent medical history, the name of your doctors and a list of all your medications. This tip could be a lifesaver.

Part II in a series

It would not be an exaggeration to say that medical identity theft could possibly kill you.

Research indicates that there may have been as many as 500,000 medical id thefts in just the last two years. Much of recent medical id theft has gone on undetected, which presents the real threat. We don’t even know we are victims…..yet.

Because this violation of our medical privacy can go on for years until it is discovered, the threat looms even larger for those who rarely seek medical services or advice. Sadly, these medical privacy breaches are not much of a priority for most health-care providers.

According to a recent Price Waterhouse Coopers report, the situation is not only dire in the United States, but around the world. Studies indicate that less than 50 percent of medical facilities even bother to encrypt your health data before transmitting or storing it electronically.

The opportunities for caregivers to misdiagnose a patient’s condition are drastically increased due to potentially false or inaccurate medical information being stored and shared in databases worldwide.

The recent disclosure that the medical files of George Clooney, Britney Spears and Maria Shriver were recently “snooped on” by curious hospital workers is a case in point. Just as most companies strive to prevent attacks and hacks from insiders, health-care providers are just waking up to the same stark reality.

We have become victims of not just the criminals, but victims of the curious. Marc Rotenberg, director of The Electronic Privacy Information Center agrees. “Now we’re moving into an era where many of those same problems occur with medical records.”

Next post, we’ll look at specific recommendations to help make and keep you a smaller medical identity theft target.

Part I:

What you can’t detect, anticipate, control or prevent could kill you.

There is a dark world far beyond the gates of mere identity theft. This region lies beyond the boundaries of credit card fraud, phishing and pharming scams or corporate data breaches.

The victims who inhabit this world are reportedly growing in number. The Federal Trade Commission (FTC) recently reported that as many as 250,000 Americans may be engulfed in medical identity theft each year.

The current economic climate fans the flames of temptation for perpetrators who include health care workers, those with access to medical and insurance records and regular Janes and Joes who are personally struggling with the economic reality of “too much month left over at the end of the money.”

Its not just the career criminals who are taking advantage of the health data that falls into their hands, but desperate and otherwise harmless opportunists who can’t resist the temptation to latch on to someone else’s medical history.

Consumers drowning in debt, may find the lure of this type of theft too great to resist according to Chris Dorn, a fraud expert with Ingenix, a health care investigations firm in Eden Prairie, Minnesota. Dorn says “Anytime you have 47 million Americans without adequate health care coverage, you will have people out there willing to steal it.”

The life threatening nature of this type of fraud and theft are apparent. Imagine that someone else’s medical problems were suddenly thrust into your medical records without your knowledge. This could change the way you are treated in a hospital or emergency room, change your blood type and allergy records or litter your personal medical files with maladies that could affect your ability to travel or to obtain certain types of insurance.

Next post, I’ll take a closer look at this growing problem and examine what the experts are commonly referring to as the age of “medical exploitation.”

Ironic twist makes this incident noteworthy!

Even high profile identity theft advocates are vulnerable to the threat of data loss, data compromise and data crime.

Representative Joe Barton (R-Texas) was among 3000 patients whose records were reported missing by the National Institutes of Health. An NIH laptop containing the medical records for the patients was reported stolen from the trunk of a vehicle according to a report this month by The Associated Press.

Here’s the irony. Barton is a founder of the Congressional Privacy Caucus, whose mission among other things is to educate members of Congress and their staffs on matters of individual privacy.

It is noteworthy that Rep. Barton only found out about his own breach in press reports. Barton has asked the inspector general for the Health and Human Services Department to investigate why the information wasn’t encrypted and why the NIH delayed disclosure of the breach.

As difficult as it may seem to protect your financial identity, your medical records are much harder to secure. This is primarily because patients have no control over the handling and care of their own personal medical records.

The federal regulation designed to prevent these unsettling scams is the Health Insurance Portability and Accountability Act ( HIPAA) Privacy Rule. Unfortunately, it can be extremely difficult for patients to correct inaccuracies in their medical records, because insurance companies are not compelled to correct records which they did not create.

According to a report on msnbc.com, one medical identity theft victim had the contents of her wallet removed and despite the fact that she quickly cancelled all her credit cards, had almost $14,000 in prescription meds and treatments charged up in her name. Over the next four months, restoring her identity became a part-time job. She fought off bill collectors, struggled to get her own medical prescriptions paid for and nearly got arrested herself on suspicion of being a co-conspirator in the scam.

The numbers can be deceiving. According to the Federal Trade Commission, only 3 percent of U.S. identity-crime victims have their information used by others to obtain medical services or false claim reimbursements. This still means that nearly 250,000 Americans may be victims each year! The rising cost of health-care will only make these crimes more prevalent going forward.

The lurking dangers of not being able to access your own health benefits or having your medical records polluted with potentially life threatening mis-information makes this topic a sure recipe for more than just heartburn.