California Attorney General Kamala D. Harris has issued two documents concerning medical identity theft, which can have profound effects on an individual’s privacy and financial well-being. The first is a report, “￼Medical Identity Theft: Recommendations for the Age of Electronic Medical Records” (Calif. pdf; archive pdf), with “guidelines on preventing and remedying medical identity theft, including best practice recommendations for the health care industry and tips for consumers,” her office said. “The report focuses on the impact of identity theft on the accuracy of medical records and argues that the serious risk that inaccuracies pose is not always adequately addressed by existing healthcare industry procedures.” Here’s an excerpt from the executive summary:
Medical identity theft corrupts medical records with erroneous information that can lead to incorrect diagnosis and treatment, and is therefore a quality-of-care issue that directly impacts the core mission of the health care industry.
One form of medical identity theft, accounting for nearly half the victims, should begin to decline as the Patient Protection and Affordable Care Act takes effect. Nearly half of victims report having shared their own identifying information with a relative or friend to allow that person to obtain medical services, according to a survey recently released by the Ponemon Institute. By extending coverage to many who are now uninsured or underinsured, the Affordable Care Act should help to stem the increasing rate of medical identity theft.
Unfortunately, victims of medical identity theft often lack rights and resources comparable to those available to address financial identity theft, such as free annual access to records, flags on compromised identities and records, easy access to records suspected of containing fraudulent information and correction of information resulting from fraud. With the Affordable Care Act’s mandate to move to electronic medical records, the health care industry has an opportunity to develop best practices to address remaining medical identity theft issues.
The second document is a guide to consumers, “First Aid For Medical Identity Theft” (Calif. pdf; archive pdf), with tips for individuals on how to identify and respond to medical identity theft. Here’s one sign:
Receipt Of A Breach Notice
You get a letter from a health care organization. The letter tells you that your information was involved in a data breach, which means your infor- mation left the organization’s control for a period. The letter usually describes what happened. A burglar, for example, may have stolen an em- ployee laptop, or a hacker may have reached into the organization’s computer system. The letter also shares what type of information was exposed. It could be health insurance numbers, Social Security numbers, or medical information. Some informa- tion types can put you at greater risk than others, so look closely at this part of the letter.