Medical Identity Theft

By Louise on August 10th, 2007

I was thumbing through some library magazines recently, and came across a facinating article in Good Housekeeping.  Medical identity theft is still a very rare crime compared with all the other id theft problems, but apparently it’s growing at an alarming rate.  The article is full of horror stories, including a pregnant meth addict who stole a drivers license and used it for id at the hospital when she delivered a premature baby (with the id theft victim having to defend her own parenting abilities from officials who wanted to take her children away from her after meth was found in the new baby’s blood).

Even after the victim convinced the officials that she was not the woman who had recently abandoned a baby in a hospital, she had to deal with the medical record nightmare that ensued.  Her records now included the perpetrator’s medical history mixed in with her own accurate records.  And the hospital wouldn’t let her see her own records for fear of compromising the privacy of the woman who stole her id, since that woman’s records were in the file too.  What a mess.

There’s also a mention of a medical office worker who copied files of 1100 patients and sold them to her cousin, who ran a nearby medical office.  The cousin then billed the insurance companies of those patients for all sorts of tests and procedures, raking in millions of dollars and filling the victims’ medical records with false information.

Perhaps the most shocking part of the article was the mention that over a third of Fortune 500 companies use medical records in hiring decisions.  My first reaction was to question the legality of this practice.  Interestingly enough, this is often the reaction we get when we tell a client that she cannot get individual health insurance in Colorado if she is currently pregnant or has a serious pre-existing condition.  So I went searching online and within minutes I found pages and pages of references to a study done by David Linowes, former chair of the Presidents Commission on Privatization and the U.S. Privacy Protection Commission.  The study found that 35% of the Fortune 500 companies surveyed indicated that they use “personal medical information as a basis for hiring, promotion, and firing decisions.”  So I guess my idea of what’s legal in this regard is a little off base. 

With the legality issue out of the way, what about the ethical issues involved?  Should a company be able to look at medical records for employees or potential employees?  That’s a tough one.  If the company is paying for health insurance and sick leave for its employees, it certainly seems fair to allow them to choose employees who take basic steps towards a healthy lifestyle.  Smoking is a good example, and companies should absolutely be able to determine whether a prospective hire is a tobacco user or not (and choose not to hire those who use tobacco if they feel that is in the best interest of their company).  But what about a person who has MS or hemophilia or Type I diabetes?  Something that creates large medical bills but was not self-inflicted by the potential employee?  Should a company be allowed to see these sorts of things in medical records, and use this information as a basis for personnel decisions?  I don’t think so.  This issue is especially sensitive in light of the medical id theft issues, since a victim of this type of crime may have all sorts of erroneous data in his medical records and be unaware of the problem. 

I guess this means that in addition to checking our credit reports periodically, we should also be requesting our medical records and making sure that the information in them is accurate.  One more chore to add to the list of things we have to do to protect our most basic assets – our names. 

Share This
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • email
  • LinkedIn
  • PDF
  • Reddit
  • StumbleUpon
  • Technorati
  • Twitter
  • Yahoo! Buzz

2 Responses to “Medical Identity Theft”

  1. Martin Ethridgehill on Feb 23rd, 2009 at 10:51 am

    Electronic Health Records

    Over the last few years I have observed conversations and information regarding the need for electronic health information and electronic medical records on a national scale. The information to date has seemed very promising and enabling; however, I am concerned that with the rush to implement, we as a nation may over look some items that I feel are necessary safety and security protocols.

    Currently, if a person is the victim of medical identity theft they have a great deal of “proving” to do before anyone will help them, In addition, there is a great deal of existing proof that even after the hospitals and creditors have been satisfied of the remedy, there exists the long term danger of “tainted” information.

    When a person is the victim of identity theft medical care is provided, entries are made, and claims are filed with the insurance payer. In an all-electronic world each of these entities would be making entries into a system that is more universal in nature. While this may actually aid in the proper delivery of care, it can also aid in the delivery of improper care that could result in long term injury and death.

    There are currently several systems providers that deliver a type of “patient profile” that is based on previous claims data. If the data is compromised between a real patient data and co-mingled with data from the “false patient” [the person who used someone else’s insurance information], the provider attempting to deliver no-voice-no-vote care in an emergency situation may actually rely on information that does not accurately represent the person in their emergency room.

    Over the last several months I have heard and read where executives from several companies are talking down regarding safety protocols and medical/health records mitigation as nothing more than hurdles and obstacles to improving healthcare information delivery. I believe this to be self-serving and disingenuous for several reasons:

    1. Adding safety and records mitigation protocols ensure patient safety as an ongoing concept and practice
    2. No industry would be allowed to operate, where the officials in charge of it stated that the market or other bodies would be responsible for creating safety procedures. Can you imagine if the auto industry stated, “we make cars, let the market figure out how to regulate safety”? I doubt that Congress or any other body would consider these people as remotely credible, yet I hear time and time again these statements being made in public and private forums by executives, lobbyists, and even so-called healthcare leaders.
    3. For the public and providers to embrace a product that has no regulation, no built-in safeguards, and obviously no importance to safety from the makers of these products, why would Congress expect the American public or health care providers to embrace a product or concept that involves the unregulated risk of injury, death, or staggering liability opportunities, let alone without any hope of remedy or proper relief?

    I have a passion for healthcare delivery and believe that people should receive nothing but the best leadership in this matter from all levels of local, state, and federal government, when it comes to our countries best long term interests.

  2. Trackback: Cavalcade of Risk #32 « InsuranceHelpHub.com
    Aug 15th, 2007 at 7:49 am

    [...] talks about a recent article on Medical Identity Theft and discusses the ethics of companies using medical records in hiring decisions over at Colorado [...]

Leave a Reply

You can use these XHTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« »