Preying on Patients

I've posted a lot here regarding the myriad of privacy pitfalls associated with electronic, online medical records. Now the Wall Street Journal is on the issue with a major expose on medical identity theft, and how it can imperil ones health care, insurance, and job prospects.

Just one more thing to keep in mind as we see new products like Google health rolled out, and/or other proposals I've commented on here in California, such as the Attorney General's massive prescription drug database sharing idea, or giving third party drug marketers and pharmaceutical companies access to patient prescription records. By the least, they do open the door to the increased threat of identity theft.

The Wall Street Journal reports:

An imposter who takes over your financial life leaves a trail of harm -- and that harm can include changes to your health-care records in some cases. Identity theft in the health-care arena adds a layer of complexity because a thief can tap your medical information to get care or make false claims, potentially altering the course of your future treatments if you don't catch and reverse the damage, experts say.

For example, a thief could have a different blood type or drug allergies than you do, and a doctor, nurse or hospital may not detect the mixed patient files before administering treatment based on the imposter's medical history instead of your own. Or victims may find they hit their insurance caps or become uninsurable or unemployable based on medical problems they never had.

That's the scenario privacy experts are concerned about as hospitals and health-care providers increasingly exchange digital information or seek ways to do so. But it's not just high-tech developments that are sparking worries.

...

But state and national lawmakers are beginning to take notice. Starting this year, California extended its security breach law to require companies that handle medical and health-insurance information to notify people when the security of their medical data has been compromised.

...

Victims often realize they have a problem when they receive their insurer's explanation of benefits for services they never received, collections companies come calling for charges they didn't incur or their credit report shows changes, Dixon said.

"Right now where we are with medical identity theft is where we were at the beginning of financial identity theft," she said. "We're starting at square one with this crime. The good news here is financial identity theft laws are going to help these victims for debt collection and credit report issues."

Still, some victims have trouble getting collections agencies to believe their predicament, even with a police report in hand, she said. Getting access to and correcting health-care files falls under a federal law called the Health Insurance Portability and Accountability Act, or HIPAA, which is designed to protect privacy but often creates headaches for people who've had their medical IDs stolen. "Because of the fractured nature of the health-care sector, it's not so easy to get positive change moving for victims," she said.

...

On an individual level, being alert to unauthorized address changes or strange entries on your insurer's explanation of benefits is essential to catching medical ID theft early, Dixon said. Consumers who receive a security-breach notice are wise to get credit monitoring and copies of their medical records. "You're not obligated to tell a health-care provider why you want your files," Dixon said. She advises people who know they're victims of medical ID theft to avoid disclosing the situation so they have a better chance of getting their records. "Gather all the information and then start taking action."

Click here to read the article in its entirety.