2014 Medical Identity Theft Report: Identity Fraud Increases by 21.7%

Ponemon Institute Releases 2014 Medical Identity Theft Report

The Ponemon Institute Medical Identity Theft Report is prepared each year and gives an important insight into the extent of medical and identity fraud in the United States, as well as the impact it is having on patients. This year’s results paint a worrying picture, as cases of medical identity fraud have increased 21.7% year on year.

2014 was a year for major data breaches. Two major data breaches occurred last year that exposed consumer data on a colossal scale. The data breach at Home Depot exposed a staggering 56 million credit card numbers while JP Morgan Chase discovered a breach that exposed the records of 76 million households and 7 million small businesses.

The healthcare industry was hit hard as well, with the year’s biggest HIPAA breach occurring at Community Health Systems, in which the PHI of 4.5 million patients was exposed. Numerous smaller HIPAA breaches affecting other covered entities resulted in the records of many millions of Americans being compromised.

The theft of credit card numbers, while serious, does not usually have as major an impact on the victims as medical fraud. The majority of individuals whose credit card details are exposed are protected or are able to take action in time to prevent any loses from being suffered. Medical identity fraud on the other hand often results in the victims having to cover considerable out of pocket expenses, and they stand little chance of getting the money back.

The Affordable Care Act (ACA) may have improved insurance coverage, but it has not done much for public confidence in healthcare providers’ ability to keep data secure. The 2014 Medical Identity Theft Report shows 54% of respondents believed the ACA has increased the chances of them becoming a victim of medical identity theft.

The efforts put in by healthcare providers and insurers to ensure data is kept secure are considered to be inadequate by the majority of respondents: 68% were not confident in the ability of their healthcare provider to keep data safe. 79% believe that it is important for healthcare providers to protect their data.

HIPAA Breach Notification Rule requires healthcare providers – or other covered entities – to alert individuals to a data breach promptly. Only 40 percent said that this was vital, indicating that many are not aware of the risks involved or are seriously underestimating the damage that can be caused. The 2014 Medical Identity Theft Report shows the cost is considerable for the average HIPAA breach victim. Using the data of 65% of the sample, the average cost of medical identity fraud was calculated by Ponemon to be $13,453 per victim.

Medical Identity Theft Affects More Than Just Finances

It is not just personal finances which can be damaged by medical identity theft. The 2014 Medical Identity Theft Report shows embarrassment or loss of reputation as a result of the breach is common. 89% of respondents had suffered embarrassment, 19% believed their careers had suffered, while 3% attributed their loss of employment to a breach.

30% were not informed when their data was exposed, and this lack of information can make it difficult for individuals to accurately assess the risk of medical fraud occurring. Knowledge of privacy protections and access rights were not widely understood with only 19% familiar with privacy protections in place to secure their data, 35% were not familiar with their privacy rights and 35% believed they had not been informed about the protection used by their provider to safeguard their data.

The 2014 Medical Identity Theft Report also says that consumers need to be educated about the risks of medical identity fraud. 60% did not regularly check their health records and 53% didn’t know how to do so. 35% said that accessing their records was difficult.

The 2014 Medical Identity Theft Report was sponsored by the Medical Identity Fraud Alliance (MIFA), and this is the fifth year the survey has been conducted. Healthcare providers and insurers should be concerned about losing the confidence of patients. 50% of respondents said that medical identity theft had decreased their confidence in their provider, and 48% would consider changing provider if their actions allowed them to suffer medical identity fraud. 53% of respondents believed that their healthcare provider had been negligent by failing to prevent their data from being exposed.

The 2014 Medical Identity Theft Report was compiled using data collected from a number of different surveys conducted on  1,005 U.S consumers.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news