Search This Blog

Wednesday, March 26, 2008


Earlier posts on this subject, Part 1, Part 2, point out how medical identity theft has been developing over time, and how it has begun to escalate recently since the bad guys have realized the return can be much better than its counterpart on the financial side. As an example, a medical identification number brings $50 on the street as compared to your Social Security number which is worth about $1 today. According to the World Privacy Forum in an article by Jim McKay, medical ID theft accounts for 2.7 percent to 3.2 percent of total ID theft. It takes two forms: 1) using a stolen physician’s identification number to bill for services sometimes not rendered; 2) doing the same with the patient’s ID, which can be tragic in its consequences if you are the victim and later treated for someone else’s illness. Of the $60 billion attributed to health-care fraud, $600 million is caused by medical ID theft. And, unfortunately, there is no where to turn based on the loosely written Health Insurance Portability and Accountability Act (HIPAA). So the scams are beginning to escalate, like a clerk at a medical clinic in Florida who stole and sold 1,100 patient IDs resulting in fraudulent Medicare billing of $2.8 million. Or a ring of 38 people, in Florida again, who bilked Medicare out of $142 million. Not only is HIPAA no help, sometimes it even blocks attempts for consumers to correct their medical records. HIPAA policy says that “if incorrect information leads to inappropriate treatment, the correct information must remain to preserve a paper trail.” That is bureaucracy at its best, or worst if you are the victim. McKay says the World Privacy Forum “advocates a National Health Information Network that would be established using comprehensive risk assessments that prevent medical identity theft while protecting privacy, and more mechanisms for individuals to correct errors in their medical histories, as well as notification of medical data breaches to consumers.” I am not against the concept but I think anyone in the privacy field is running scared that what might be created is another database monster—this time with our most personal data—that will be vulnerable to identity thieves. In a Washington Post piece by Michael Gerber, he is once again talking about the Microsoft and Google personal health record databases, pointing out that many privacy advocates are warning the public to be cautious, especially if the PHR is offered through a health insurance company. This may be sold as a service to policy-holders, but my guess is that it is one more way to get your private information, in some cases with the possibility of causing problems with your coverage or claims. In today’s business and government environment, we are constantly bombarded with requests for more information on our private lives, data that becomes a permanent part of some company’s or agency’s database. We are assured by privacy policies that the collector will secure our sensitive data, and the next thing we find out is that this information has been breached. The question is just where is the balance that can make all this work? We’ll get to that next.

No comments: