Medical Identity Theft Is a Growing Problem

Published September 1, 2007

As a national push to adopt electronic medical records (EMRs) gains steam at all levels of government, a crack in the system is beginning to show: the threat of medical identity theft.

The theft generally takes one of two forms: Using another person’s name, Social Security number, or insurance information to obtain medical services, or using someone else’s identity to falsify insurance claims.

Either way, the problem is growing. According to a July 2 South Florida Sun-Sentinel newspaper article, approximately 250,000 to half a million people nationwide have already been victimized, and medical identity theft costs taxpayers “hundreds of millions of dollars” in fake billings annually.

“Medical ID theft is a serious and growing threat to the electronic medical records industry,” said Twila Brase, president of the Citizens’ Council on Health Care, a free-market group based in Minnesota. “For the most part, they’re ignoring it because their focus is on getting the EMR fully entrenched in doctors’ offices and hospitals–in essence, securing their financial future. So, like an ostrich with its head in the sand, the EMR industry is ignoring what could eventually destroy it.”

Digital Records

EMR advocates say using digital patient records will improve patient care by streamlining access to information from multiple providers. For the past three years the federal government’s Office of the National Coordinator for Health Information Technology has been working on ways to ensure computer systems can communicate with each other in an effort to pave the way for a national EMR rollout.

Private citizens, however, are concerned about their security.

According to a 2006 survey of 1,003 people by the Markle Foundation, a technology advocacy group based in New York, 80 percent of respondents said they were “very concerned about identity theft or fraud” when using EMRs, and 87 percent said it was “particularly worrisome for those in fair or poor health.”

Those concerns are valid, said Brase. The solution, however, is simple: Let patients own their medical information instead of making it government property.

“The public may like their data to be electronic, but the answer is not the imposition of EMRs or a national, online EMR system,” Brase said. “The answer is a write-only EMR on a flash drive carried by the patient, patient ownership of medical data, and an individual right to keep data offline and out of a computerized medical record.”

Organized Crime

Pam Dixon, executive director of the World Privacy Forum, a nonprofit research group based in San Diego, told the Sun-Sentinel 90 percent of medical identity theft cases involve “at least one person” at the doctor’s office–worsened by the fact that clinics are now being bought and run by organized crime rings, including the Russian mafia.

“It’s really becoming a problem,” Dixon said. “It’s on the radar and getting worse.”

James M. Jacobson, chairman of the Health Law and Life Sciences Team at Holland & Knight, LLP–a Boston-based law firm with multiple practice areas–scoffed at the idea of half a million people being victimized by medical identity theft.

“Even if such concerns were true, turning back the use of electronic records is not the way to go,” Jacobson said. “Rather than hamstring EMR or go back to paper, EMR companies and their customers should focus on improving technologies to sniff out abusers and establishing better policies and procedures to punish them.”

Federal Rule

Though Brase agrees, she says the problem is rooted in bad policy–specifically, the Health Information Portability and Accountability Act (HIPAA) of 1996, which required the establishment of national standards for electronic health care transactions but not patients’ consent for their medical information to be shared.

“Because of HIPAA, patients have no say about the computerization and sharing of their data,” Brase explained. “And now, federal Medicare officials as well as monolithic health plans are pressuring doctors into building interoperable online EMRs. Thus, as payers want EMRs to be installed to monitor doctors and patients in real time, and to control the practice of medicine, patients have been exposed to injury from inside and outside their doctor’s office.”

Karla Dial ([email protected]) is managing editor of Health Care News. Dr. Sanjit Bagchi ([email protected]) writes from India.

For more information …

“South Floridians increasingly victimized by medical identity theft,” by Ian Katz, South Florida Sun-Sentinel, July 2, 2007,,0,6081191.story

“National Survey on Electronic Personal Health Records,” issued on December 6, 2006 by Lake Research Partners and American Viewpoint, Markle Foundation, is available through PolicyBot™, The Heartland Institute’s free online research database. Point your Web browser to and search for document #21716.