Think Data Breaches Are Just About Personal Identity Theft? Think Again.

When we think about a data breach in a medical or health care setting, we usually tend to worry about a patient’s personal identity being stolen –someone using that person’s social security number and/or credit card information. Less often do we worry about someone stealing a patient’s medical identity. But, unfortunately, this is a problem that is looming on the horizon and only expected to get bigger.

While we have all heard of the nightmarish consequences of someone having their identity stolen and the financial and logistical havoc that it can wreak, having one’s medical identity stolen can do all of that and affect a patient’s health. A recent article on medical identity theft said that the number of medical identities stolen in 2007 was 200,000 and by 2011 grew to 1.49 million victims –a growth of almost 800%.

Why would someone steal a patient’s medical identity? Because health care is expensive. Several cases of medical identity theft have been publicized and vary widely. In one such case, a woman stole another woman’s medical identity and gave birth to a child (using the victim’s insurance and name) and was later investigated for child abuse causing the victim to nearly lose her own children due to the confusion.

Interestingly, the article goes on to say that a little more than one-third of all medical identity cases were committed by family members –and not necessarily a data breach. Even if this is the case, health care organizations still have an obligation to verify a patient’s identity using authentication procedures. Not doing so can unknowingly contribute to the crime. Also, health care providers should investigate any possible oddities found in a patient’s record. If a patient’s record is breached, new, odd or conflicting information can be mixed with the victim’s record. Taking the time to investigate can possibly save many headaches for both the patient and victim and save the patient’s health down the road.