|
By John Pulley
A Colorado man receives a $44,000 bill for colon surgery he did not have. Social workers in Utah accuse a woman of giving birth to a methamphetamine-addicted baby and threaten to take away her children. A mortgage lender rejects an application to refinance the home of a couple whose credit history is riddled with mysterious claims of unpaid medical bills.
All are victims of medical identity theft, a crime involving the use of stolen personal information to pose as someone else for the purpose of getting drugs, medical treatment or health care equipment. The crime has long existed in a somewhat benign and largely dormant form. Now, as the health care sector transitions to electronic formats, it is metastasizing.
“Medical identity theft is a new term for an old problem,” said Barbara Cox, senior principal for the Information Management and Systems practice at Noblis, a not-for-profit science and technology consulting firm. “It is becoming more heightened because of moving more data electronically.”
Weak, nonexistent or unenforced laws; inadequate governmental oversight; rising health care costs; large numbers of uninsured and underinsured patients; and weak procedures for verifying patients’ identities fuel the growth in medical identity theft.
“The federal government hasn’t stepped up,” said Adam Levin, former director of the New Jersey Division of Consumer Affairs and now chairman of Identity Theft 911, which provides information on avoiding identity theft. “It’s coming late to the party.”
Privacy advocates contend that the move to electronic medical records could further jeopardize patients’ privacy. They say the development of EMRs, wireless health information technology and the Nationwide Health Information Network could be a boon for criminals.
“Unless something substantial is done, [the national system for exchanging electronic health data] is going to be an engine to facilitate medical identity theft,” said Pam Dixon, executive director of public interest research group World Privacy Forum.
The scale of the threat
The Federal Trade Commission estimates that 8.3 million people were victims of identity theft in 2005. Some 3 percent of them, or about 250,000 people, were victims of medical identity theft.
“The most common thing is to get drugs — OxyContin and other controlled substances,” said Alex Johnson, a former FBI fraud investigator who leads the special investigations unit at Regence, a health insurer in the Northwest. For example, a man in Pennsylvania used a stolen identity to obtain more than three dozen prescriptions for Viagra.
In addition to the financial and legal consequences of ruined credit and maxed-out insurance benefits, victims of medical identity theft often are left with corrupted medical histories. Blood types are changed and allergies are added or deleted, for example, which could result in victims receiving ineffective or harmful medical treatments. Adding insult to injury, victims of identity theft are sometimes suspected of being thieves themselves.
Health care facilities tend to be trusting institutions, and medical workers are not always trained to detect fraud. The simple act of requiring patients to show photo IDs is far from the norm. In that environment, medical identity theft is easy to commit.
“The entire system of identification is based on the honor system,” said Robert Siciliano, chief executive officer of IDTheftSecurity.com.
If not for the seriousness of the consequences, the brazenness of some thieves would be comical. In one case, a boy seeking medical care used the identity of a 40-year-old woman. “They just don’t look at stuff like that,” said Heather Wells, a recovery services manager at ID Experts, which helps restore identities corrupted by thieves. “ It’s definitely going to get worse.”
By way of protection, privacy advocates urge consumers to never divulge personal information to unknown parties and regularly check their credit reports and explanation of benefits statements. But until government and industry move to secure medical data, patients’ options for limiting their exposure are limited.
“Medical identity theft can only be fully prevented if you haven’t been born yet,” Siciliano said. “Once you have a medical record and a Social Security number, the cat’s out of the bag.”
Flat-footed response
So far, the government offers little help to victims of medical identity theft, and laws lack aggressive enforcement tools. Those that regulate the financial sector give consumers the right to review credit histories, challenge inaccuracies and restore credit scores. But those rights don’t exist for victims of medical identity theft.
“This crime falls squarely between gaps in laws…[and] gaps in federal agency jurisdiction,” Dixon said.
The federal law that deals with the privacy of medical information — the Health Insurance Portability and Accountability Act — can actually impede efforts to clear the wreckage of medical identity theft. HIPAA’s privacy provision limits access to information about the health and medical care of individuals, which can include patients’ medical records and payment histories. In a perverse twist, health care organizations have denied victims access to parts of their medical records on the grounds that they contain information about other people. In the universe of HIPAA regulations, identity thieves deserve privacy, too.
“Other than enacting the Real ID Act, the government isn’t doing enough — or anything effective — to prevent financial identity theft,” said Siciliano, referring to a federal law that imposes standards on state driver’s licenses. “For medical identity theft, HIPAA was a start, but that’s not enough to prevent fraud.”
FTC has moved to address medical identity theft in the interest of consumer protection, but its role is limited. In June, the Office of the National Coordinator for Health IT announced that it had contracted with Booz Allen Hamilton to perform an “environmental scan of the medical identity theft problem in the U.S., particularly focusing on the intersection of health IT.” The Health and Human Services Department declined to comment on the initiative.
“The sense I get is that [HHS officials] are trying to grapple with all the aspects…of the project to bring about the Nationwide Health Information Network,” said Burke Kappler, a lawyer in FTC’s Division of Privacy and Identity Protection. “This is an evolving problem. We are still trying to identify the contours of the issue.”
Shadowy target
If the policy aims are unclear, the technology challenges are even fuzzier. On the black market, low-quality personal identities can be bought and sold for pennies apiece. High-quality records that include names, addresses, Social Security numbers, birth and death information, and other sensitive data — the kinds of records health care organizations hold — have a street value of up to $60 each.
Systems used to secure such records don’t always incorporate a recognition of their underlying value. Also, health care systems are designed to be relatively easy for medical providers to access.
Identity thieves gravitate toward “the softest targets that yield the highest value,” said Gunter Ollmann, chief security strategist at IBM Internet Security Systems. “From a network perspective, the health care industry has always been pretty far behind the financial and retail sectors. ”
In a poorly secured environment, an employee with an 80G Apple iPod could plug into an internal system and download names, addresses and Social Security numbers. Current IT vulnerabilities also make it easy for outsiders to pose as insiders. Having breached the first layer of security, criminals frequently find that they have the same access granted to legitimate users.
“Wireless technologies provide the quickest and easiest on-ramp onto a network,” said Richard Rushing, chief security officer at wireless security firm AirDefense. “The problem is that all of these networks are connected together.”
Fire vs. fire?
To combat medical identity theft, experts are seeking better ways to verify the identities of patients and health care workers who exchange medical data. Other approaches include enhancing wireless security, developing a standard security framework, improving information audit trails, and quickly applying software patches and tools designed to halt suspicious activity.
“The medical industry is awakening to the fact that electronic records are here to stay,” said Jerry Byrnes, manager of biometrics technology and strategic planning at Fujitsu Computer Products of America.
The company makes an identity-verification system that uses infrared light to read and match the vein patterns of users’ palms. “If properly done, [electronic records] are far more accurate, but they are also far more vulnerable.”
Privacy and security professionals say the health care industry could also benefit from systems similar to those the credit card industry uses to identify suspicious patterns of use. Most health IT systems are incapable of flagging the record of a patient who appears to simultaneously be receiving care in two cities.
“There is a substantial need for a common security framework that is created by industry, for industry and is therefore better able to quickly adapt to changes in technology and business practices as well as to constantly changing threats,” said Daniel Nutkis, CEO of the Health Information Trust Alliance, an industry group that promotes secure health information systems.
However, using IT to combat medical identity theft could prove to be a case of fighting fire with fire. “The same technology that would do a better job of finding errors is the same technology that facilitates the problem,” said Laurinda Harman, an associate professor at Temple University’s College of Health Professions.
|
 |
|
Want to learn how water contamination then remember to always boil your water to kill all the germs.
There are many different ways to perform the treatment of water because water is a necessary and vital necessity to life itself.
If you are learning how to clean air and the cost associated with this, then you have come to the right place to learn how from my new ebook.
Since when did learning how to clean water was a difficult task? Some types include boiling water, desalinization, water filters (like brita or pur), and specialized processes and methods.
Posted by johny on October 9, 2008
Best wholesale service, quick china wholesale delivery, nice wholesale products, is there anything more you can expect on this platform? This net will build up a link between you and you supplier so that to be sure you would have a satisfied wholesale apparelwholesale apparel trading. The account managers will take care of all your wholesale products questions, inquires and help you manage your account. We provid popular wholesale products such as wholesale watch and wholesale necklaces . Different from other platforms, we also provide consumer electronics products, for example car electronics and digital camera. Meanwhile, we offer the best bluetooth phones and GPS Cellphone . Well begun is the half done. Please choose our platform to shorten your way to the success
wholesaleportable speakers,mini speakerwholesale,wholesale ipod speakers,and we offer mp3 speakers ,ipod speakers!
Posted by samenzhen on October 27, 2008
buy cheap allegra buy cheap zyrtec buy cheap lamisil buy cheap aciphex buy cheap zyban buy cheap effexor buy cheap celexa buy cheap celebrex buy cheap zocor buy cheap cipro
Posted by Stratos56 on November 11, 2008
GIF to Swf Converter is currently best and wonderful gif to swf converting software.
Posted by cautionyou on November 20, 2008
|
|
|
|
To post a comment you must be a registered user of GOVHEALTHIT.com and be logged in. Use one of the forms below to login or register for FREE to GOVHEALTHIT.com
|
|
|
|
