Half of Consumers Unaware of Medical Identity Theft Risks: Report

As health records go digital, people lack knowledge of identity theft threats, and if they knew, more than half would switch providers, the Ponemon Institute reported.

Half of consumers are unaware that medical identity theft can damage their medical records and threaten their lives with inaccuracies, according to a new report by the Ponemon Institute, an organization that conducts research on privacy and data.

Identity theft—which can involve using someone's identity to receive medical services or prescription drugs—leads to misdiagnosis, mistreatment or incorrect prescriptions, according to the "2013 Survey on Medical Identity Theft," the fourth-annual report on the topic, released by the Ponemon Institute Sept. 12.

About 56 percent of consumers would find another provider if their doctors were unable to keep their medical records secure, according to the survey.

"Very few individuals are even aware that this dangerous fraud exists," said Robin Slade, development coordinator for the Medical Identity Fraud Alliance, an organization that sponsored the survey. The group fosters collaboration between tech services companies and health care providers to build technology to address medical identity theft.

Many of the health care providers surveyed were small and midsize organizations that "don't appreciate the potential risks," despite the existence of regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Larry Ponemon, chairman and founder of the Ponemon Institute, told eWEEK.

In addition, 56 percent of consumers fail to check their health records because they're not sure how and simply trust their doctor to keep their records accurate, according to the survey, for which the Ponemon Institute interviewed 788 adults who either suffered from medical identity theft or know a family member who was affected.

Of the respondents interviewed, 78 percent said it was important to take control of their health records, but they had not done so. In incidents of identity theft, 29 percent were discovered in a medical record, the Ponemon Institute reported.

In 2013, about 313,000 medical identity theft cases were reported, the Ponemon Institute said. In its 2012 survey, the institute revealed that 52 percent of health organizations had reported an occurrence of medical identity theft.

Theft of this kind has affected 1.84 million victims in the United States to date, and the number of individuals affected has increased 20 percent in the last year, according to the survey.

Identity theft often occurred due to family fraud, in which people shared their medical identification with family members or friends to seek medical treatment or purchase health care products or medication. Of respondents surveyed, 30 percent reported sharing medical identification with someone they knew and 28 percent of respondents said a family member had used their medical credentials without their consent. In addition, 48 percent of respondents said they knew the thief and declined to report the person.

Knowledge and awareness as well as good authentication methods help combat medical identity theft, according to Ponemon.

Still, security technology can only go far, said Slade. "We can clearly say that malicious intrusions are exposing an enormous amount of data, and we need to protect PHI [personal health information]," she said.

"There's no one technology that will be a panacea here," Slade added. "It's a matter of organizations looking as a whole at the risk-management processes."