Controlling medical identity theft and fraud

Insights from Ann Patterson of the Medical Identity Fraud Alliance

Rising rates of medical identity theft raise serious concerns for program integrity and health insurance customers. To learn about responding effectively to this threat, FierceHealthPayer: Anti-Fraud spoke to Ann Patterson (pictured), senior vice president and program director of the Medical Identity Fraud Alliance (MIFA). MIFA is a cooperative public and private sector effort created to unite stakeholders in developing solutions and best practices to prevent, detect and remediate medical identity fraud.

FierceHealthPayer: Anti-Fraud: What can you tell us about the growth and effects of medical identity theft and fraud?

Ann Patterson: Between 2012 and 2013, the number of medical identity theft victims grew by 19 percent, according to results of a Ponemon Institute survey. That's a large year-over-year jump. Correlating that to the overall population, 1.8 million people were victimized or in some way affected by medical identity fraud. That works out to more than 300,000 new victims in 2013, representing about $12 billion in out-of-pocket costs. The Identity Theft Resource Center reported that as much as 43 percent of the identity theft they track is medically-related.

FHPAF: What factors contribute to increases in medical identity theft and medical identity fraud?

Patterson: Fraud jumps channels as the product delivery mechanism progresses with technology. Anything relating to mobile communications or the internet is going to become a risk. It's becoming pervasive for providers to store electronic protected health information, but it's hugely pervasive from a patient standpoint as well.

Think of all the websites people visit for advice when they have health symptoms. They go online, enter personal data and open an account, and the site returns medical feedback. In the health and fitness world, people track their diet, weight or health conditions on websites offering health management advice. People don't think about it, but these behaviors add to their cyber health identities and electronic health records.

Another contributing factor is that the monetary value of protected health information (PHI) is increasing based on supply and demand. Law enforcement is seeing a rise in medical fraud as perpetrators move into healthcare. As they do, the value of PHI on the black market increases. If criminals steal these data, they can sell them at a much higher cost than banking credentials, for example.

The impact of the Affordable Care Act is another contributing factor. As more people become insured, more electronic health records are created. So there are more identities to manage electronically.

Keep in mind that as we move into an electronic health records world, the healthcare ecosystem grows exponentially. It used to be that you went to your doctor, he charged for something and you wrote him a check. Now the doctor might bill an insurer, so your information goes to a third party. If the insurer electronically transmits payment information, maybe there's a financial institution involved, so there's fourth party.

All points of contact for health information should have high standards for data protection. But everyone in that chain isn't equally aware of medical identity fraud. That becomes another contributor to the problem.