All small businesses have to worry about things like credit card fraud. Medical practices, however, have the added responsibility of guarding against medical identity theft. Medical identity theft is the illegal acquisition of a patient’s personal information–full name, Social Security number, health insurance number, and so on–with the intent to fraudulently obtain insurance reimbursements, prescription drugs, or the like.
Unlike fighting credit card fraud, which is common enough that even web hosts often feature built-in prevention tools, battling medical ID theft often falls to individual practices. There are some steps, of course, that can be taken at a higher level, such as working for change within the industry. In the end, however, most of the precautionary practices are ultimately implemented on a practice-to-practice basis. That means one more thing on the dentist’s already overflowing plate … one that is dangerously tempting to ignore.
But medical identity theft is a large and growing threat: In 2013, the health care industry accounted for 44% of all breaches, experiencing more data breaches than ever had before and surpassing total breaches for any other industry. Polls indicate that the public at large that doesn’t believe their health information is being protected, and rightly so: the current system is riddled with loopholes and all but obsolete in a digital era.
Medical identity theft is particularly troublesome in that it victimizes not only the dentist and the patient, but other medical professionals as well. For example, when fraudsters steal data, they may either go to different medical establishments (such as another doctor) and use the phony information to illegally obtain drugs for themselves … or sell the information to other criminals who do so.
In another scenario, fraudsters may file bogus insurance or Medicaid claims to obtain settlements. Many in the medical and insurance fields have specialists trained to be on the lookout for monetary fraud, but when a patient hands over all the pertinent information, there is little seeming reason for additional proof to validate the patient’s identity.
More and more, criminals are discovering that billing insurance for goods and services ordered using fraudulent medical credentials is easier and more profitable than other crimes. In fact, it has been estimated that medical identities are 20 to 50 times more valuable to criminals than financial identities. The increasing need to digitize patients’ health information means the problem is only going to get worse.
Unfortunately, industry-wide updates to acceptable best practices are still a long way off. Health care companies could be doing more to prioritize information security, the way the credit card industry has migrated to EMV “chip” card technology … but so far, that isn’t happening.
Equally unfortunate is the fact that the antiquated system in the U.S. makes it nearly impossible to clear up a medical record once this type of identity theft has occurred. However unfair it may seem, for now, dentists are largely on their own when it comes to protecting patient data.