January 5, 2007

Medical Identity Theft

From the January 8, 2007 issue of Businessweek, an article about medical identity theft and health care databases:

But some privacy advocates fear that the rush toward digital health records could ironically create new nightmares for victims of medical ID theft. Rather than residing in a single doctor's paper files, fraudulent information—such as the erroneous diabetes diagnosis in Lind Weaver's records—could circulate in other medical databases across the country. Given that some medical ID thefts are "inside jobs," wherein rogue clerks sell patient data to fraudsters on the outside, privacy advocates believe that allowing data to flow more freely around a national network could make such thefts even easier. "We can expect [medical ID theft] to grow the more we move toward an electronic health-care system. It's going to be a disaster," says Dr. Deborah Peel, an Austin (Tex.) psychiatrist and founder of the Patient Privacy Rights Foundation.

...but, as usual, the weakest link is usually a human:

In September, federal authorities arrested a scheduling clerk at the Cleveland Clinic's Weston (Fla.) hospital who allegedly had passed on the personal identification information of more than 1,100 patients to her cousin—who in turn submitted $2.8 million in false claims to Medicare. "Hospitals have done a poor job of implementing security procedures on their computer systems," says one federal investigator. "You'd be astonished how many people have access to your medical records."

No comments: