1 / 36

Medical Identity Theft: Past, Present, and Future…

Medical Identity Theft: Past, Present, and Future…. Alaska Bar Association Health Law Section November 1, 2007 Presented by: Dawn Carman, Esq., RHIA, FACHE Chief Risk & Compliance Officer Alaska Native Tribal Health Consortium. Goals. Overview of identity theft?

Download Presentation

Medical Identity Theft: Past, Present, and Future…

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Medical Identity Theft:Past, Present, and Future… Alaska Bar Association Health Law Section November 1, 2007 Presented by: Dawn Carman, Esq., RHIA, FACHE Chief Risk & Compliance Officer Alaska Native Tribal Health Consortium

  2. Goals • Overview of identity theft? • How do thieves steal your identity? • Ramifications • Safeguards • What is medical identity theft? • How do thieves steal your medical identity? • Duties of health organizations • Ramifications • Safeguards • Federal and state laws • Q&A

  3. Who is Frank W. Abagnale?

  4. What Is Identity Theft? • Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes • Federal Trade Commission • The fastest growing crime in the US • Occurs every 3-79 seconds • IDProtect.Com • Identity Theft Resource Center

  5. How Much Do You Know AboutIdentity Theft? • Take a quiz • http://onguardonline.gov/quiz/idtheft_quiz.html • http://www.idtheftcenter.org/artman2/publish/c_theft_test/Fact_Sheet_102_Consumer_Risk_Test.shtml

  6. What Are The Numbers? • 8.4M identity theft victims per year down from 10.1M in 2003 • Mean fraud per victim $5720 • Mean resolution time per victim 25 hours • Javelin Strategy & Research Survey Feb 2007

  7. How Do Thieves Steal Your Identity? • Dumpster Diving • Rummaging through trash looking for documents with your personal information • Skimming • Stealing credit/debit card numbers using a special storage device when swiping your card • Phishing • Pretending to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information

  8. How Do Thieves Steal Your Identity? • Changing Your Address • Diverting your billing statements to another location by completing a change of address form • Old-Fashioned Stealing • Stealing wallets, purses, and mail • Stealing personnel records • Bribing employees who have access • Pretexting • Using false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources 

  9. Identity Theft Ramifications • Credit card fraud • Phone or utilities fraud • Bank/finance fraud • Government documents fraud • Use your SSN to get a job • Rent a house in your name • Use your info during an arrest • Get medical services using your name • Federal Trade Commission

  10. WHAT CAN YOU DO? • DETER • Deter identity thieves by safeguarding your information • DETECT • Detect suspicious activity by routinely monitoring your financial • accounts and billing statements • DEFEND • Defend against identity theft as soon as you suspect a problem

  11. What Is Medical Identity Theft? • Someone uses a person's name and other parts of their identity without the person's knowledge or consent to • Obtain medical services • Obtain prescription drugs and medical equipment • Make false claims to insurance companies

  12. What is Medical Identity Theft? • The least understood and most poorly documented identity theft crime • Takes a financial toll • Takes an emotional toll • Can kill you!

  13. Medical Identity Is • A doctor falsifies medical records of patient claiming that they have received medical treatments that they never did and submits false claims • A nurse at a physician's office calls in prescription for a patient, but picks up the prescriptions for herself. • Someone walks into the emergency department at a hospital claiming to be someone else (without that person's permission) so that they can receive emergency medical care • A woman gets surgery claiming to be someone else • Presented medical insurance information and an altered driver's license to impersonate a friend without that friends permission • Did not have medical insurance of her own • B. Koerner, Medical Identity Theft: What It Is and Is Not, About.com

  14. Medical Identity Theft Is Not • A lab tech uses personal information in your medical record to open up a credit card account in your name • Someone walks into the emergency department at a hospital claiming to be someone else, with that persons permission, so that they can receive emergency medical care • A patient is faking a medical condition and gets a doctor to collaborate with them and falsify medical records • B. Koerner, Medical Identity Theft: What It Is and Is Not, About.com

  15. Medical Identity Theft Example 1 • A CO flightseeing business owner got a hospital bill for $41,188 • He called the hospital and realized that someone had stolen his personal information to pay for a surgery • Investigators traced the crime to a former newspaper clerk at a newspaper in which the man had placed an ad for his business. • "He asked for my Social Security number, and I now realize I shouldn't have given it to him.” • The hospital would not let the man see his medical records because the signature on his driver’s license did not match that of the medical identity thief • The hospital wrote off the loss, but the man has not been able to erase unpaid debt from his credit record, affecting his business loans

  16. Medical Identity Theft Example 2 • A Boston psychiatrist made false entries in medical records for individuals who were not his patients • He gave diagnoses such as drug addiction and severe depression • He used their personal information to submit false bills to insurance companies • Victims had difficulty getting the information removed from their real medical records • Victims were concerned about future health care coverage and employment

  17. How Much Do You Know About Medical Identity Theft? • Medical Identity Theft: The Information Crime That Can Kill You • http://www.worldprivacyforum.org/medicalidentitytheft.html

  18. What Are The Numbers? • $49.3B per year • Javelin Strategy & Research Survey Feb 2007 • 20,000 reported cases 1992-2006 • Federal Trade Commission 2006 • Estimated 250,000- 500,000 cases of medical identity theft per year • World Privacy Forum

  19. Can Health Care Fight Fraud? • In 2006, Blue Cross/Blue Shield, the nation’s largest health care network, pursued 20,000+ cases of health care fraud through identity theft and impersonation • 206 convictions

  20. Medical Identity Theft Ramifications • Medical identity theft is a crime that can cause great harm to its victims • Although high risk, it is the least studied and most poorly documented of the cluster of identity theft crimes • It is the most difficult to fix after the fact because victims have limited rights and recourses • It leaves a trail of falsified information in medical records that can plague victims’ medical and financial lives for years • The World Privacy Forum 

  21. Medical Identity Theft Ramifications • Medical record alterations • Allergies • Medical and surgical history • Drug contraindications • Blood type • Serious injury or death

  22. Medical Identity Theft Ramifications Medical bills Collection agencies Denial of health insurance coverage Denial of employment Impact on legal rights

  23. Medical Identity Theft:The Victim’s Perspective • Lack of recourse • Lack of rights • Lack of help • No blanket rights to correct erroneous medical records • In some cases victims have been denied access to compromised records • No right to prevent providers, clearinghouses, or insurers from reporting information resulting from identity theft • The World Privacy Forum

  24. Medical Identity Theft:Victims Falling Through Gaps • Financial identity theft experts often knowledgeable of health privacy laws • FTC is not responsible for addressing medical identity theft • DHHS is responsible for medical identity theft • No published focused studies • No published guidance • The World Privacy Forum

  25. The World Privacy Forum:Medical Identity Theft Findings • Medical identity theft is a separate and distinct crime from other types • Medical identity theft is a serious crime with substantial consequences on patient well-being affecting medical record accuracy and health care financial losses • Medical identity theft is under researched and under reported • Victim recourse is limited

  26. Findings Continued • Medical identity theft can be challenging to uncover • Uncorrected medical record errors have a long-range negative impact on medical research using patient records • The proposed National Health Information Network may increase risks to patient safety, privacy, and security of patient data. • Victims may learn of their identity theft after much damage has been done

  27. The World Privacy Forum:Medical Identity Theft Recommendations • Medical identity theft needs national attention • Medical identity theft victims need expanded accounting of disclosures • Patients must have the right to correct errors in their medical records • DHHS needs to implement victim protections similar to those of the FTC • Health insurers should send each beneficiary a free annual list of all claims

  28. Recommendations Continued • Patients should receive one free copy of their medical records from providers • Patients must be notified of data breaches promptly • Medical identity theft should be considered as part of computer system risk assessments • National Health Information Network prototypes need testing for medical identity theft

  29. Medical Identity Theft inthe Electronic Age • “As the health care system transitions from paper-based to electronic, this crime may become easier to commit and harder to trace. Victims may find it more difficult to recover from medical identity theft as medical errors are disseminated and re-disseminated through computer networks and other medical information-sharing pathways.” • The World Privacy Forum

  30. Health Organizationsand Protecting Data • HIPAA Privacy and Security Rules • Hospital privacy policies • Consumer protection laws • Common law duty of care • Medicare Conditions of Participation

  31. Medical Identity Theft Safeguards • Consider requiring picture ID for health care service to protect patient safety and help prevent medical identity theft and fraud • Education the workforce and patients on medical identity theft • Implement a protocol to investigation allegations of medical identity theft • Partner with law enforcement

  32. Medical Identity Theft Safeguards • Be careful to whom you give name, social security number, and date of birth • If you are the victim of identity theft, take all actions you can think of to protect yourself • Contact creditors • Work with the health care provider • Work with insurance companies • Request correction of medical records • Contact the Social Security Administration

  33. Federal Data Security Laws • Financial, securities, and consumer protection laws • Title V of Gramm-Leachy-Bliley Act • 15 USC §§ 6801-09 • FTC Standards for Safeguarding Customer Information • 16 CFR Part 314 • SEC Regulations • 17 CFR Part 248 • Privacy of Consumer Financial Information • 16 CFR Part 313 et seq. • Fair Credit Reporting Act • 15 USC §§ 1681-1681x • Identity Theft Red Flags and Address Discrepancy Rule under FACT Act • Pub. L. No. 108-159 • Federal Trade Commission Act • 15 USC § 45(a) • Customer Information Program Rules under the Patriot Act • 31 USC § 5318(I) • Health Insurance Portability and Accountability Act • 42 USC § 1320d et seq. • Drivers Privacy Protection Act • 18 USC § 2721-2125 • Family Education Rights and Privacy Act • 20 USC § 1232g • Department of Veterans Affairs Information Security Act • 38 USC § 5721-28

  34. State Identity TheftCriminal Law Enforcement • All 50 states and DC have some form of legislation that prohibits identity theft • In all states except ME, identity theft can be a felony • 11 states uses a narrow approach to criminalization by focusing on the use of personally identifiable information with intent to defraud • Other states use a broad approach including unauthorized use, possession, creation, recording, obtaining, selling, giving, or transmitting of personally identifiable information • State laws are rapidly changing • Trend in making criminal laws more specific • Example: Making it a separate crime to traffic in stolen identities or to engage in phishing • The President’s Identity Theft Task Force Apr 2007 Report

  35. More Info on Identity Theft • Javelin Strategy & Research Survey February 2007 • http://www.privacyrights.org/ar/idtheftsurveys.htm • FTC Deter, Detect, Defend Campaign • http://www.ftc.gov/bcp/edu/microsites/idtheft/ • Medical Identity Theft: The Information Crime That Could Kill You • http://www.worldprivacyforum.org/pdf/wpf_medicalidtheft2006.pdf • Take Charge: Fighting Back Against Identity Theft • http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm • US Department of Justice • http://www.usdoj.gov/criminal/fraud/idtheft.html • Identity Theft 911 • http://www.identitytheft911.org/home.htm • US Social Security Administration • http://www.ssa.gov/pubs/idtheft.htm • Fight Identity Theft • http://www.fightidentitytheft.com/ • Identity Theft Resource Center • http://www.idtheftcenter.org/ • The President’s Identity Theft Task Force Apr 2007 Report • http://www.idtheft.gov/reports/VolumeII.pdf

  36. Questions?

More Related