Twenty years ago, who would have thought anyone might want your medical information—and if someone stole it, what would they do with it?! Medical identity theft is now the fastest-growing form of identity theft according to MedPage Today. MedPage’s article of September 23, 2011, by Emily P. Walker, cited a PriceWaterhouseCoopers (PWC) recent report based on data from a survey that canvassed 600 executives of
In 2010, this form of identity theft affecting upwards of 1.4 million Americans cost more than $28 billion. The source of the stolen data included missing laptops, stolen “smart” cellphones, and the mis-use of patient data to make fraudulent claims. It also included people trying to get medical care representing themselves as someone else. Unintentional breaches of security by employees in medical offices were also responsible for data being used illegally; e.g., papers containing patient data being left out in plain site where someone copied and misused the data for their own purposes, patient data finding its way to social networking sites such as Facebook, and patient data being transmitted for illegal purposes on cellphones.
Converting paper health records to electronic records (digitizing individuals’ health information and storing it on computers) is the coming health information technology trend. PriceWaterhouseCoopers’ report, however, leans toward the conclusion that most medical and healthcare organizations are not yet ready or able to keep patient data secure beyond the lockable filing cabinet. Having medical data stored electronically seems to further complicate the matter, because of the ease with which someone familiar with modern electronics may be able to capture and use for illicit purposes one’s medical information. This may be another instance of there being unintended bad consequences of joining the electronic data storage age. Consequently, there would seem to be a higher burden on the data storage entity to ensure there are reasonable and effective means by which the data can be secured.