BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Regeneron CEO & CSO: The Real Healthcare Problem Is Bigger Than You Think
Pfizer CEO: How The Biopharmaceutical Industry Creates Value (And Jobs) For The U.S. Economy
Gradual Progress In Precision Non-Oncology, But Challenges Persist
Amid Executive Shuffle, Anthem Looks To Expand Health Services
'Forest Bathing' Really May Be Good For Health, Study Finds
Not Fun In The Sun: Summer Infections From Animals
Edit Story
ForbesInnovationHealthcare

New Study Says Over 2 Million Americans Are Victims Of Medical Identity Theft

Dan Munro
Contributor
Opinions expressed by Forbes Contributors are their own.
I write at the intersection of healthcare technology and policy.
Following
This article is more than 9 years old.

According to the Fifth Annual Study on Medical Identity Theft ‒ released today by the Medical Identity Theft Alliance (MIFA the number of patients affected by medical identity theft increased nearly 22 percent in just the last year.

The survey itself was conducted by the Ponemon Institute which estimated that of the 2.32 million Americans who have been victims of medical identity theft, almost 500,000 were in 2014 alone.

Since the survey was conducted in November of last year, the results did not include the recent Anthem breach  the largest healthcare breach in U.S. history which could affect up to 80 million Americans.

The distinction between medical identity theft and other types of identity theft like consumer financial information or credit cards is important for many reasons.

  • Data breaches in healthcare (like the Anthem breach) often involve permanently identifiable information like Social Security numbers and date‒of‒birth. This makes the data itself much more valuable, with a much longer shelf-life and easier for criminals to sell.
  • The direct out‒of‒pocket costs to victims of medical identity theft are significant. While the financial liability for consumer credit cards is often limited to $50 (and the card itself can be easily cancelled and replaced) the Ponemon study suggests that 65% of medical identity theft victims had to pay an average of $13,500 to resolve the crime.
  • Unlike credit card theft, medical identity theft victims are rarely informed by a healthcare entity about suspicious and potentially fraudulent activity for health services.
  • On average, medical identity victims typically learn of the fraudulent activity more than three months after a crime has been committed and 30% do not know when they became a victim. Of those who found an error in their Explanation of Benefits, about half didn't know who to report the claim to.
  • Full resolution of medical identity theft is hard to achieve and the Ponemon research suggests that only 10% of respondents reported achieving a completely satisfactory conclusion.

According to this latest research, the base rate (used to estimate the total number of victims by extrapolation across the U.S. population) has been steadily increasing for each of the last 5 years.

The organization sponsoring the annual survey is the Medical Identity Fraud Alliance. From their website, they describe the Alliance as "the first public/private cooperative specifically uniting all stakeholders in jointly developing solutions and best practices for the prevention, detection and remediation of medical identity fraud."

MIFA’s singular focus is on what has emerged in recent years as a significant and deeply personal healthcare threat ‒ medical identity fraud. Our mission is to galvanize all stakeholders in the healthcare industry around awareness, prevention, detection and remediation. Medical identity theft isn't just a financial threat ‒ it's also clinical ‒ and it has a much longer timeline than other forms of identity theft. Ann Patterson ‒ Senior Vice President and Program Director ‒ Medical Identity Fraud Alliance

Other findings from the 38 page report included:

  • Only 37% of respondents say their healthcare providers have informed them about the measures they take to protect medical records
  • 68% of these respondents are not confident that these measures will keep their medical records secure
  • Since 2012, agreement that the ACA puts personal health information at risk has increased from 34% to 55% of respondents
  • 50% of respondents agree or strongly agree that they would change healthcare providers if they were not confident in their healthcare providers’ security practices

Experian was one of the co‒sponsors of this year's survey and an MIFA member.

Consumer's have reached a kind of numbness to all the mega-breach announcements - which now includes healthcare. Almost 70% of people surveyed had no confidence in their providers ability to keep their medical records secure - and this was before the Anthem breach was announced. Michael Bruemmer ‒ VP, Consumer Protection ‒ Experian

The survey that MIFA sponsored in 2013 (here - also by Ponemon) resulted in even more sobering statistics around actual clinical risk.

  • 15% of respondents experienced a misdiagnosis
  • 13% of respondents experienced a mistreatment
  • 14% of respondents experienced a delay in treatment
  • 11% of respondents were prescribed the wrong pharmaceutical
  • 50% of respondents have done nothing to resolve the incident

The biggest challenge with medical identity theft is the long‒term nature of the risk. While it's largely unknown, it's potentially lifelong ‒ and now has an entirely new set of victims ‒ kids.

Unfortunately, it's the kids that can be the most affected by medical identity theft. They often don't find out about it until they get out on their own and begin to apply for health insurance or as they get older, life insurance.  The premiums they encounter as result of an earlier medical identity fraud can be among the highest available and often take years to straighten out. Robert Siciliano ‒ Online safety expert for Intel Security

Dan Munro
Dan Munro