According to a report from the professional services firm PwC, one-third of health care organizations have reported catching a patient using the identity of someone else to obtain services. PwC stated that preventing medical identity theft requires a provider that is committed to privacy of patient information, even beyond following federal standards such as HIPAA.
In addition to financial harm and privacy issues, medical identity theft may potentially cause physical harm its victims by creating false entries in their health records at hospitals, and other medical providers. The changes to the records could remain in the files for many years.
One of the methods PwC recommends to help prevent the theft on private information is to make privacy part of the consumer experience and brand of the healthcare provider showing patients the importance to the practice and the importance of the patients keeping their information confidential. Some health systems have used biometrics, such as fingerprint or eye scanners, as a means of confirming patient identity. Even something as simple as checking photo IDs at each patient visit is an effective way to authenticate someone’s identity. Also training employees on how to detect an imposter through what appears to be simple conversation is another effective method used to help prevent this kind of identity theft. Physicians or nurses can pull out a bit of information from the patient’s file that the patient should know, such as his or her age or a previous illness, and ask seemingly innocuous questions about it. Staff should be on the lookout for red flags in patient files, such as conflicts between the patient information in the file and answers given by the individual.
As medical records become more transportable through electronic networks, the problem could be exacerbated as mistakes are disseminated and re-disseminated among physicians, hospitals, pharmacies and insurers.