You know all that work you have been doing to make your organization HIPAA compliant? You have been tuning up your privacy and security practices in order to keep safe the protected health information (PHI) of your clients.
Good job…but not good enough!
In spite of the efforts of healthcare organizations and providers of all stripes to secure the PHI of their patients, Medical Identity Theft and resulting fraud is dramatically on the rise. According to ID Experts’ Data Breach Examiner,
In the last year, medical identity theft has affected 1.84 million Americans, costing victims an estimated $12.3 billion in out-of-pocket expenses. . . . Medical identity fraud is estimated to cost the healthcare industry almost $40 billion annually, driving up the cost of healthcare for everyone.
Do you know someone who has allowed another person to use their Health Insurance card and ID? Maybe your friend who has insurance let her sister who did not use her card. Or possibly, your wallet was stolen and you noticed an EOB on your payer’s web site that was for services you never received.
Breaches are not the only way data finds its way into the hands of someone who does not own it. According to ID Experts, its all in the family.
More than half the survey respondents said they would find another provider if they knew their healthcare organization could not safeguard their medical records. Yet 30 percent of those surveyed also reported that they knowingly allowed a family member to use their personal identification to obtain medical treatment, healthcare products, or pharmaceuticals, and more than 20 percent couldn’t even remember how many times they had shared their healthcare credentials. Even in cases where medical identity was stolen, 48 percent said they knew the thief (typically a family member) and didn’t want to report him or her.
Not only does this cost money, it also contaminates the medical record of the individual increasing the danger of misdiagnosis and improper prescriptions.
Perhaps you have never experienced this in your behavioral health organization. Perhaps you have and have many stories to tell. I know I was certainly asked to do some fraudulent insurance activities when I was in private practice.
Have you or your organization experienced someone falsely using another person’s medical identity? How did you handle it? Please share your comments below.