February 8, 2008 By Jim McKay, Justice and Public Safety Editor
Because of identity theft's prevalence, most of us have taken steps to protect ourselves - thanks to fears instilled from the horror stories of those who've been victimized.
But what about when someone hacks into a health facility, steals medical records and uses medical identification (ID) numbers to get health benefits?
Apparently few of us are concerned something like this will happen. We ignore the explanation of benefits from our health insurers, according to the World Privacy Forum, whose recent study, Medical Identity Theft: The Information Crime that Can Kill You, states that we should be looking closely.
Approximately 250,000 patients each year - or more, as some estimates reach higher - have their medical IDs stolen. The crooks use stolen identities to gain medical services or fraudulently bill private health insurers and government health-care programs.
If that isn't scary enough for you, consider this: The Blue Cross and Blue Shield Association estimates that medical ID theft represents 1 percent of health-care fraud, totaling about $600 million in losses per year.
In the last decade, the number of identity theft cases have skyrocketed, and medical ID theft appears to be a segment of it that's growing too.
But the proper authorities haven't addressed it yet.
It's a shame more than 40 million Americans are without health insurance. And even more shameful is that some of the uninsured have resorted to stealing someone else's medical information to get the services they need.
But it's not just the uninsured or the two-bit drug dealer doing the stealing. There are documented cases of organized groups targeting physician identification numbers and manipulating million-dollar ripoffs of the health-care system.
The Health Insurance Portability and Accountability Act is supposed to provide a shield of sorts for our private medical data. Ironically it doesn't. In fact, it can work against a victim trying to correct a medical record that has been changed by an imposter.
The U.S. Department of Health and Human Services (HHS) is developing four prototypes for a National Health Information Network to make health records available electronically in real time to caregivers.
The Government Accountability Office has noted "significant weaknesses" in the information security controls used for Medicare and Medicaid claims processing. The World Privacy Forum says a National Health Information Network must include significant safeguards.
With few mechanisms available to protect the medical records of patients, the HHS needs to consider the ramifications of a national system that makes medical identity theft even easier than it is now.