MedPage Today reports on the growing problem of medical identity theft, which affected 250,000 people by 2009, according to (pdf) the Federal Trade Commission. For more information: The FTC has released “Medical Identity Theft FAQs for Health Care Providers and Health Plans,” which has advice for how to protect patients from identity theft. Also, the World Privacy Forum has created an interactive map about medical identity theft cases in the United States.
MedPage Today reports that there are also problems with misuse or abuse of medical data by insiders with authorized access to the files:
Nearly four out of 10 doctors and hospitals surveyed have caught a patient trying to use someone else’s identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC).
Patients seeking medical services under someone else’s name was the second most common privacy or security issue reported by healthcare providers, according to PwC’s nationwide survey of 600 executives from U.S. hospitals, doctors’ organizations, health insurance companies, pharmaceutical manufacturers, and life sciences companies.
Medical identify theft is the fastest-growing form of identity theft, affecting 1.42 million Americans in 2010 and costing more than $28 billion, the report said. […]
But the single most commonly reported breach in the security of patients’ private health information was improper use of patient data by a person who works for a doctor’s office, hospital, insurance company, or life sciences organization. The breaches ranged from an employee leaving private documents out in plain sight, to making improper comments on Facebook, or even talking in the elevator about a person’s protected health information.
“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error — loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” James Koenig, director of the Health Information Privacy and Security Practice at PwC, said in a press release. […]
Rounding out the top three most common privacy breaches was improper transfer of files containing personal health information to people who weren’t authorized to view the information. One in four insurers reported improperly transferring files that contained protected health information.