How to Prevent Medical Identity Theft

Posted  June 30, 2014  by  Shred-it

Industry experts say that medical identity theft is the fastest-growing form of identity theft in America today – and there’s no shortage of research to prove they’re right.  

  • The Ponemon Institute 2013 Survey on Medical Identity Theft sponsored by the Medical Identity Fraud Alliance shows that medical identity theft increased nearly 20% in 2013 and affected approximately 1.84 million victims in the United States.
  • The Redspin Breach Report 2013: Protected Health Information (PHI) shows that over 7 million patient health records were breached in 2013, which was a 137.7% increase in the number of patient records breached in 2012-2013.
  • Identity Theft 911 says that medical identity theft accounted for 43% of all identity theft reported in 2013. It also points to estimates by the U.S. Department of Health and Human Services that up to 67.7 million people’s medical records have been breached since 2009.

Medical identity theft is when stolen personal information is used to get medical care, prescription drugs, or medical benefits. While it ends up costing healthcare providers, insurance companies, taxpayers, and the individuals whose identities get stolen, there’s also a risk to health if medical records get altered and incorrect medical treatments are provided. 

While there are clear privacy laws protecting health information – in the U.S., the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), and in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) – there’s much more that workplaces can do. Here’s how you can prevent medical identity theft:

  • Consumer education. Many of the reported cases of medical identity theft in the Ponemon study resulted from sharing personal identification with family and friends. Healthcare providers, government agencies and insurance companies are encouraged to help educate patients/clients that sharing personal information this way is considered fraud.
  • Weed out impostors. Improve authentication procedures to ensure impostors are not obtaining medical services and products.  
  • Portable devices. The Redspin report shows that the loss or theft of unencrypted portable devices consistently accounts for over one third of all large breach incidents. While the latest computer security tools are necessary on all computers, make encryption of data on portable devices a policy in your organization as well. 
  • Secure storage. Medical records must be retained by law for up to 15 years. It’s critical to protect this information by locking it in a file cabinet or an office, and limiting access. Where possible, convert paper documents to electronic documents. 
  • Employee training. The lack of security awareness among employees is your overall biggest risk, according to the Redspin report. Create a culture of security in your workplace, and invest in security awareness with situational training, hotlines, reminder posters around the office, screen-saver reminders, and monthly tips.
  • Paper and e-media destruction. Partner with a document destruction company so that when protected health information is no longer needed, it is removed and securely destroyed on or off site. Here is a list of documents to shred in the medical workplace. A shred-all policy – all waste goes into the supplied locked receptacles for secure destruction – will reduce the risk of human error.
  • Partners. Ensure that your business partners and associates are safeguarding medical information and all sensitive information effectively too. 

Learn how to prevent medical identity theft and protect the information of your employees and patients.


Request a Quote

Fill out the form below and we’ll contact you with a free quote within the hour! (Between 8:00am and 5:00pm, Mon - Fri)

Select Service

Company info

Your info

Additional Info