Everything About Medical Identity Theft 2020

Meta Description: The Ultimate Guide On The Meaning, Process, Preventive Measures, And More On Medical Identity Theft And Where Endoshred Comes In

With the internet taking the world by storm, privacy is no longer a choice. Regardless of the amount of data businesses around the world protect, data breaches happen ever so often. How are you protecting your company’s sensitive data? How is your business safeguarding important documents? How well educated are you about these wide-spread breaches?

Data breaches are growing across industries and the healthcare sector is no exception- in 2017, 27% of data breaches were related to medical records.

Medical Identity Theft has been an increasing threat for years now. In this blog, we will explore all that there is to understand the same at its very crux, by analyzing how to detect it, how it takes place, the legality behind it, how to prevent it, and more!

What Is Medical Identity Theft?

While it is usually the result of a wider data breach targeted at specific healthcare facilities, medical identity theft is the fraudulent act of using individuals’ identities and information to obtain medical services, equipment, bring up false insurance claims, etc. As this unlawful threat continues to rise, its impact on the healthcare sector is a growing concern. In 2014 and 2015, nearly 90% of the healthcare organizations suffered from a data breach- this alarming rate only goes on to urge the importance of adopting safety measures to protect your organization from stolen records.

PHI (Personal Health Information)

Personal Health Information or Protected Health Information refers to an individual’s medical history, insurance records, medical examination records, test/laboratory results, mental health conditions, billing information, patient-identity information, and more. It is therefore an overview of your health status, healthcare interactions/payments, etc- linked to your identity.

PHI is highly demanded on the dark web and these medicinal records are worth sixty times more than stolen credit card information. This thus becomes a prominent facet of medical identity theft and therefore must be protected at all costs.

PII (Personally Identifiable Information)

Personally Identifiable Information refers to any data that helps identify an individual. This includes social security numbers, login addresses, phone numbers, IP addresses, digital images, social media locations, etc.

When this is stolen along with a patient’s PHI- the thief’s treatment history may get mixed up with that of the victims and this can cause serious damage during the victim’s future healthcare interactions whereby subjection to misidentified medication/treatment plans end up causing long-term harm.

The impacts are financially, physically, as well as mentally draining.

How To Detect Medical Identity Theft?

A key factor of detecting medical identity theft comes with awareness- unless we understand the extremity/impact of this fraudulent act, we may not spot the red flags until it’s too late. Not to worry! We at Endoshred have identified ways with which you can detect the possibility of the medical identity theft-

Spotting The Red Flags

1.) Your health plan must be sending you a Medicare Summary Notice or an Explanation of Benefits (EOB) statement- read these carefully and try to be vigilant about details that don’t match with your treatment plan.
2.) If you receive information from a debt collector of a loan you never took/debt you don’t owe- this might be a sign of fraud behind the scenes.
3.) Medical Services bills that you did not receive are also to be tracked carefully. Always demand receipts for every payment you make.
4.) Your insurance is another major medium to track medical identity theft. If you are being denied insurance in the name of a medical condition you don’t have, then it is time to get cautious and take further action. Check the date of services provided, name of the provider, conditions treated, etc.
5.) If a notice is sent from your health plan saying your benefits’ limit has been reached when you haven’t used as much in the past, that makes another red flag.

These are some of the ways you can detect medical identity theft.

Remember that it is never too early to start being vigilant- it’s always better to be safe than sorry.

In case you spot any error in your medical documents, you need to notify your healthcare service provider immediately. Keeping reading to look into reporting of identity fraud in detail!

In order to track medical identity fraud better, here are some case studies through which you can get a better idea of its extremity- only when we understand its impacts do we start being cautious ourselves.

Case Studies

1. Ransomware Locky

In Los Angeles, Locky- a Ransomware, took computers hostage at a healthcare center and the victims had to spend a whopping $17,000 in ransom. Given that the information was encrypted, the hospital could not access parts of its network for over a week. Imagine the detrimental impact it would have had on the patients waiting in line for life-changing surgeries over the course of the week, or the general mix up in treatment plans.

2. Cyber Attack on a Phoenix- Based Medical Center

The computers of a Phoenix-based healthcare services provider were targeted for a cyberattack that compromised imperative recorded information of nearly 3.7 million individuals.

3. Information Compromised Due To A Stolen Laptop

The PHI of nearly 400,000 patients receiving services from a health care provider in California ended up being compromised due to an unencrypted, stolen laptop.

4. Data Breach Due To Improper Disposal of Documents

65 patient records were breached in Kentucky due to irresponsible disposal of documents. These files were found in the dumpster of an out-of-business radiology lab.

5. Phishing Scam in Los Angeles

Nearly 700,000 Electronic Health Records, or EHRs, that included pivotal information right from names, treatment histories, social security numbers, medical insurances, etc were stolen through a phishing scam in a Los Angeles health department.

6. Medical Identity Theft Caused By A Former Employee

In a Beverly-Hills plastic surgery clinic, a former employee caused the data breach of nearly 15,000 medical records that included the names and photographs of a number of high- profile celebrities.

7. Ransomware Attack- Pennsylvania

This posed to be a slightly different situation from Ransomware Locky. Although the Pennsylvania-based health care provider ignored the demanded ransom and went on to restore encrypted files from a backup server, they had to inform nearly 300,000 patients that their critical files were accessed by hackers.

Situations like these do not reassure a safe environment for your patients.

This is but the tip of the iceberg. There are several other cases around the world, the list goes on. In order to prevent such a situation in your healthcare organization, you must understand how this happens in the first place-

What Are The Different Ways Medical Identities Are Stolen?

In order to zero down on an action plan to prevent your medical center from widespread identity theft, you must be aware of the different ways your information can remain vulnerable. Fraudsters and identity thieves commit this crime by preying on an array of such vulnerabilities.

1. Document Disposal

It is crucial to get rid of disposable documents/information, hard or soft copies, in order to ensure maximum safety. The best way to do this is shredding. We at Endoshred ensure that your privacy is our priority and are dedicated to shredding the information you trust the most, in order to protect you from being vulnerable to cyber predators.

Undisposed documents that may still contain confidential information are among the major causes of security breaches.

2. Ransomware

In 2016, Ransomware was found to be the main cyber threat targeting medical organizations. Ransomware makes sure that hospitals can’t access parts of their networks and the victims end up paying large sums in exchange- this not only causes the healthcare provider a huge loss but also compromises patient care, delays critical medical procedures, and causes a general disruption in the overall system.

3. Hackers

Studies show that from 2015 to 2016 there has been nearly a 320% increase in cybersecurity attacks on healthcare providers. While digitizing the EHR schedules and shifts have phenomenally helped doctors and nurses to better care for their patients, it has also paved the way for hackers to prey on sensitive information.

4. Stolen Devices

When unencrypted devices such as laptops or phones consisting of crucial medical information are stolen, medical identity theft is almost always the end result. Always make sure that the devices you use are encrypted and that the IT team of your healthcare organization protects such information cautiously.

5. Credentials Being Taken Without Consent

A study by the Medical Identity Fraud Alliance showed that nearly 24% of medical identity theft victims claimed that their family members/friends took their credentials without consent. Always be aware of who you are giving your credentials to/who has access to them.

These are some of the mechanics of breaches. Medical Identity Fraud can be prevented if you better your awareness and actively take measures to strengthen your plan against the above-mentioned fields.

Medical Identity Theft- A Legal Standpoint

Legal Protection Against Medical Identity Theft In The United States:

HIPAA

HIPAA or the Health Insurance Portability and Accountability Act is a federal law protecting the privacy of medical centers, healthcare organizations, and health care providers against data breaches and medical identity fraud. The law clearly specifies and regulates how healthcare service providers must collect, retain, store, and transmit all information regarding patient care.

The five main components of the HIPAA are:

Furthermore, the HIPAA has four primary objectives, they are:

According to the Act, penalties for non-compliance range from $100 to $1.5 million dollars along with incarceration.

HITECH

In order to regulate information technology and data regulation around healthcare industries- the HITECH or The Health Information Technology for Economic and Clinical Health Act was enacted in 2009.

The Act aims to look into the privacy and security behind electronic transmission of healthcare data/information with ensured safety.

Several provisions in this Act also looked to strengthen the civil and criminal provisions of the above-mentioned HIPAA regulations.

The HITECH Act consists of four primary subtitles:

HITECH vs HIPAA- How They Strengthen Each Other

Although the Health Information Technology for Economic and Clinical Health Act and the Health Insurance Portability and Accountability Act reinforce/strengthen each other in some ways, they are not directly related.

Here are some ways they strengthen each other:

HITECH clearly mentions that technologies and technological standards curated within itself will not compromise HIPAA privacy and security laws.
Any physician or hospital that attests to meaningful use of HITECH must have performed a HIPAA security risk assessment.
While HITECH established data breach notification rules, HIPAA’s update reinforces these rules by enforcing its own regulations as well- holding healthcare providers' business associates accountable to the same liability of data breaches as the providers themselves is one such example of an added regulation.

For countries like UAE, it is worth going through their laws that define fraud and enlist guidelines of violations for the same. As we said, it is always better to be safe than sorry.

What Healthcare Providers Can Do To Prevent Medical Identity Theft

It is your responsibility as a healthcare provider to ensure the prevention of medical identity fraud and provide a safe and secure environment for your patients and all their critical information.

Where do you come in? What steps can you take to not become a victim to this fraudulent act?

1. Educate Your Patients

However big or small their treatment plan may be, identity theft sees no bounds. Educate your patients on the same. Make sure they are completely aware of medical identity theft, how it happens, the impact of the same, etc. Let them know that although it is growing, it can definitely be prevented and their vigilance is highly important for the same.

2. Curate A Safe And Speedy Reporting Environment

Let the patients know that the minute they find something unusual in their medical documents your doors are open for reporting the same. The patients must be aware that the sooner they spot a red flag and report it the better.

3. Timely Encryption

Encrypt all the critical patient files so as to prevent data breaches as much as possible. Remember the case of the Ransomware Attack on a Pennsylvanian health care provider- they were able to restore their encrypted files through a backup server. These files are of great importance and data breaches may go on to cost you in millions. It is always better to be safe than sorry.

4. Secure Document Disposal

This is one of the most important points to prevent medical identity fraud. We studied in this very blog about how improper document disposal is one of the major causes of identity theft. Identifying a secure shredding service to destroy all critical patient files that are no longer of use is critical and highly imperative to avoid falling prey to theft.

We at Endoshred specialize in shredding and ensuring that your organization gets the security it deserves. Check out our shredding services to know more!

What Consumers Can Do To Prevent Medical Identity Theft

As a consumer, how cautious and educated you remain about medical identity theft is completely in your hands. Research shows that nearly 1 in 4 consumers had their medical datas breached in 2016. In order to not become a victim to this fraud, you must take cautious steps:

1. Treat Your Medical Documents The Way You Treat Your Credit Card Information

A study showed that a majority of the people cared more about their credit card details than they did about their medical files. Is this because of a lack of awareness? Treating your medical data like how you do your credit card, could help make you better vigilant towards medical identity theft.

Do not let anybody you don’t trust know anything about your medical files. Don’t leave your medical files around on top of a pile of documents/dispose them in the trash. Always be extra careful with such information.

2. Always Recheck Your Bills and Other Medical Statements

If there is the slightest difference in any detail regarding your personal information/treatment history notify your healthcare provider immediately. Check your benefits regularly and always be cautious about the intimations you receive from your healthcare provider regarding your treatment plan/medication history/benefits, etc. If any of these details don’t match with the treatment you opted for, it is time to take further action.

3. Speedy Notification Is Key To Prevent Further Damage

Once you have spotted the red flags, don’t wait to inform the respective authorities. The sooner you protect your data from vulnerability, the better!

4. Spread Awareness

Apart from being cautious in general, taking note of how many people have access to your personal records, etc- you must also educate the ones around you about the impact of medical identity theft. Anyone who is not aware is vulnerable to fraud.

Reporting Medical Identity Theft

Speedy reporting of any red flags in your medical documents is pivotal to stop any damage.

For detailed explanation regarding the steps you must take to report doubtful errors in your documents, head to Federal Trade Commission’s website right away!

Here’s How You Correct Errors In Your Medical Records:

If they refuse to give you copies of your records claiming that would violate the identity thief’s privacy rights, you could appeal. Contact the person your healthcare provider lists in their Notice of Privacy Practices, the patient representative, or the ombudsman. Explain the situation thoroughly and demand your file.
If the provider refuses to provide your records within 30 days of your written request, you can complain to the U.S. Department of Health and Human Services Office for Civil Rights.

If your healthcare provider refuses to make changes, ask them to include a statement of dispute in your record.

Dear Sir or Madam:

I am writing to dispute the following information in my file. I have circled the items I dispute on the attached copy of the report I received.

This item (identify item(s) disputed by name of source, such as creditors or tax court, and identify type of item, such as credit account, judgment, etc.) is (inaccurate or incomplete) because (describe what is inaccurate or incomplete and why). I am requesting that the item be removed (or request another specific change) to correct the information.

Enclosed are copies of (use this sentence if applicable and describe any enclosed documentation, such as payment records and court documents) supporting my position. Please reinvestigate this (these) matter(s) and (delete or correct) the disputed item(s) as soon as possible.

Sincerely,

Your name

Enclosures: (List what you are enclosing.)

Click here for more details on the same.

Here are the contact details of the bureaus:

Equifax

Equifax.com/personal/credit-report-services

800-685-1111

Experian

Experian.com/help

888-EXPERIAN (888-397-3742)

Transunion

TransUnion.com/credit-help

888-909-8872

For more information on identity theft recovery, click here.

Why A Secure Shredding Service Is Critical To Prevent Medical Identity Theft

Improper document disposal is one of the major causes of medical identity fraud.

As a healthcare provider, you cannot simply dump the medical files in trash or employ an unprofessional to shred critical documents that are no longer required in your patient records. Such actions only pave the way for data breaches.

Moreover, using a shredding machine in your own office to destroy sensitive documents requires a lot of time, energy, and patience. Not only does the noise from the machine cause disruption to your employers and customers, but you will also need to ensure maximum security while these confidential documents are being shredded. Why go through so much when we are here to safeguard your privacy?

This is what we will be seeing next- how can we help you as you build a non-vulnerable environment and ensure maximum security for your consumers?

Where Does Endoshred Come In?

We at Endoshred are dedicated to protecting your privacy. Now that we are aware of what medical identity fraud is, how to detect it, what causes it, etc- how can we help you best shield your healthcare organization from fraudsters and cyber attackers?

As discussed above, improper document disposal is among the major causes of medical identity theft, and this is where we come in. Endoshred is a pioneer in secure shredding and solely aims at giving you the privacy you deserve.

We provide secure paper shredding and recycling services at a location of your choice across the UAE. With the help of our fully automated mobile shredding trucks, we assure you on-site environment-friendly and convenient destructions!

Not only do we provide secure document shredding, but also hard drive destruction services and shredding of other sensitive materials such as media tapes, electronics, etc.

Medical Identity Theft can happen to anyone, but with the right awareness and smart measures, you can prevent it too!

Conclusion

In this blog, we tried to understand the fraudulent act of medical identity theft from its very crux.

We began by comprehending what it is before we moved on to learn ways to detect it. Then, we saw different means through which medical identity theft can take place.

Once we took a quick look at the legality behind it, we also saw where Endoshred comes in and how we as a company can help you protect your organization from a data breach.

We hope this blog was informative and you are now aware of the extremity of medical identity theft. Do follow this space for more such content!

Let us know what YOUR organization is doing to prevent itself from data breaches. Let us be vigilant together. Let us protect our privacy, together!