Medical Identity Theft: The Dark Side of Health Care Privacy

Larry Sobal column: Identity theft: the dark side of health care privacy

Posted November 20, 2005
As a patient, your greatest fear is not your neighbors finding out about your most sensitive medical conditions, it's that your "nonpublic" information will be exploited by identity thieves gaining access to your clinical information. What this means is that your medical privacy and your overall identity, is more vulnerable than any time in history.

The term "identity theft" often is used to describe financial crimes, but true identity theft occurs when someone uses your personal information to create new accounts to obtain money, goods, services, prescriptions, a driver's license or even commit crimes in your name. Unfortunately, the relationship between medical privacy and identity theft is growing stronger.

Think about it. How many places is your health information, including your Social Security number, stored these days? Considering database redundancy and the ease of electronic transmission, from your hospital to your insurance plan to your physician to your pharmacy and multiple points in between, it is not unusual for your personal data to reside in literally hundreds of sites.

Not only does this increase the odds of a breach in your medical security, but identity theft is now the No. 1 crime in the country.

Health care organizations are prime targets, and potentially prime leaks, because of their vast reservoirs of personal data. If you aren't worried about all of this, you certainly should be.
Back in the old days (paper) you had two primary risks for inappropriate discovery and use of your health information. The first was a result of "shoulder surfing"— where nosey individuals simply listened in on your discussions or read it from your open medical record or a computer screen. The second was "Dumpster diving" where your records or billing receipts were picked from the garbage can.

The health care industry recognizes the challenge it faces and is using a vast array of resources to protect your information. One key step was the passage of sweeping legislation in 1996 known as HIPPA. The Health Insurance Portability and Accountability Act was created to focus on the security of health data.

Health care organizations, however, are just one place of potential risk. Due to stunning widespread corporate carelessness, representing all industries, the personal information of more than 46 million Americans was lost or stolen in the first half of 2005 alone.

The scary part is that your most likely thief may not be a stranger. According to a recent study by Javelin Strategy & Research, in 26 percent of all cases the fraud victims knew the person who had misused their personal information.

The TowerGroup, a unit of MasterCard International, reports that as much as 50 percent of identity fraud occurs with a family member or friend. Most experts recommend these steps:

• Avoid carrying your Social Security card, birth certificate or even your checkbook with you.
• Never give out your Social Security number.
• Add passwords to online and offline accounts and don't use your mother's real maiden name, your real name, or birthday as identifiers.
• Have your mail delivered to a locked box.
• Buy a crosscut shredder and destroy all paper or CDs with your information on it, including unsolicited pre-approved credit offers and blank courtesy checks.
• Get a regular copy of your credit report and review its activity.
• Don't preprint your Social Security number, driver's license number or even your phone number on your checks.
• Restrict online purchases to sites that use encryption.
• Report any lost or stolen checks or cards to the appropriate institution within 48 hours to obtain maximum protection.

In addition, progressive employers are taking action on behalf of their employees. According to local expert Teri Rose of Prepaid Legal Services in Neenah, many employers are offering identity theft coverage as a voluntary employee benefit.

Whatever you do, perhaps the single most important aspect of identity theft prevention is an awareness of this issue combined with a program of healthy vigilance to protect your personal data and help minimize your risk.

Larry Sobal is chief executive officer of Appleton Cardiology Associates, a member of the Appleton Heart Institute.

You can see what is meant by the Identity Theft Shield by clicking on the banner