VA Northern Indiana Health Care System
The following article was published by the Veterans Health Administration (VHA) due to an increased risk of medical identity fraud. There are many scams out there including telephone, email, in-person, etc.
If you think you may be a victim of identity fraud please contact the following VA representatives:
Scott A. Dubois
Information Security Officer
VA Northern Indiana Health Care System (Marion Campus)
Office Phone: 765-677-3171
Jane E. Sowers, RHIA
VA Northern Indiana Health Care System
Office Phone: (260) 426-5431 ext. 71058
Protecting Veterans from Medical Identity Fraud
by Bruneau, Dan Available on 3/17/2017 11:46 AM
Medical identity fraud is a major problem in our current society’s healthcare and financial systems, and unfortunately, it continues to rise. According to a recent article from Healthcare IT News, nearly nine million patient health records were breached, spanning 164 reported incidents, in 2014. In March 2015, that 9 million increased by a factor of 10 (Healthcare IT News, “Medical Identity Theft: Problems and Prevention”).
By 2016, it was estimated that one in three healthcare patients would be compromised (Washington Times article, December 10, 2015). How does this affect Veterans who may be particularly vulnerable due to service-related disabilities and who use private health-care providers? To understand its effect, we must first understand what medical identity fraud is.
The U.S. Department of Health & Human Services Office of Inspector General (HHS OIG) defines medical identity fraud as “when someone steals your personal information to obtain medical care, buy drugs, or submit fake billings to Medicare in your name” (HHS OIG, “Medical ID Theft/Fraud Information”). The Medical Identity Fraud Alliance explains it as a crime that involves the theft of Personally Identifiable Information (PII) from another individual. PII is any data that could potentially identify a specific individual, or that can be used to distinguish one person from another (such as a Social Security number). In this case, with medical identity theft, this can also include theft of Protected Health Information (PHI), which is any information regarding the health or condition of an individual, provision of healthcare, and payment information for healthcare.
The use of PII and PHI is what defines “medical” identity fraud, in that the fraudster uses PII or PHI for financial gain and to obtain medical goods and services. Not only does it affect the Veteran patients whose information has been stolen, but insurance companies, taxpayers, and healthcare providers also fall victim as they are providing healthcare or reimbursement payments to fraudulent individuals.
PHI is very valuable on the black market because it allows individuals to obtain pharmaceuticals, commit insurance fraud, and obtain medical care through Medicaid or Medicare. Additionally, PII helps fraudsters create fake identities based on personal descriptions. According to an FBI report, thieves can buy stolen health identity information for $60-$70 and Social Security numbers (SSN) go for less than $1 on the black market (Healthcare IT News, “Medical Identity Theft: Problems and Prevention”). In a 2015 report on medical identity fraud, the Medical Identity Fraud Alliance found that medical identity theft generated a $30+ billion loss each year for the health industry. Patients also had to pay an average of $13,500 to fix medical fraud issues (“Fifth Annual Study on Identity Theft,” Medical Identity Fraud Alliance, February 2015).
One of the biggest factors that are most likely contributing to the rise of medical identity fraud is the fact that heath care providers must digitize all health and patient information. Therefore, most health care is electronic, making it an easy target for hackers. Medical records contain payment, billing and credit card information. Most often, they also contain an SSN and the victim’s identity description, such as weight, height, hair color, and eye color.
Today, one in four U.S. consumers (about 26 percent) is victims of healthcare data breaches (Accenture Health 2017 Consumer Survey). Accenture’s most recent health survey explains that 50 percent of these breaches were the result of identity fraud, paying $2,500 out-of-pocket costs for each incident. The highest percentage of these breaches occurred in hospitals, urgent clinics, and pharmacies, with hospitals being the number one target. According to the survey, the data stolen was used for purchasing items, billing for care, receiving medical care, filling prescriptions, and accessing or modifying health records. Veterans who rely on privacy sector health care have likely been impacted by these trends.
In response to the survey, Accenture developed several key actions for healthcare organizations to help protect themselves against medical identity fraud:
Improve response capabilities by handling breaches quickly and effectively to limit damage.
- Share threat information with others and communicate to consumers which actions you have taken.
- Manage your risks by making cybersecurity investments and help build digital trust with consumers.
- Validate downtime procedures by reducing recovery time to minimize impact.
- Recognizing threats, minimize exposure, and identify and protect high-priority assets.
Not only is it up to healthcare organizations and insurance companies to keep our information private and safe, but Veteran consumers must get smart about how and when they share their information. Young adults ages 18 to 24 are one of the most susceptible groups to any identity theft (Huffington Post, “Four Biggest Targets for Identity Theft”). Younger Veterans are often first-time credit card users, social media users, smartphone users, online shoppers, and often use public Wi-Fi hotspots. At this age, many young adults are naïve to protecting their data and information. Also susceptible to identity fraud are consumers with weak passwords who make it easy to hack their online health accounts.
While medical identity fraud is often a result of data breaches by savvy hackers, Veteran consumers should know what they can do to protect their private information. HHS OIG created a helpful Medical Identity Theft brochure to help consumers know what to look for and what to do for Medicare and medical fraud.
DETER fraud by:
- Guarding your SSN and Medicare number carefully,
- being suspicious of anyone who offers “free medical equipment or services,” and
- never letting anyone borrow or pay to use your Medicare ID or your identity – it’s illegal! If your Medicare card is ever lost or stolen, call and report it to Social Security at 1-800-772-1213.
DETECT fraud by:
- Walking away if someone approaches you in public and offers you anything for free in exchange for your Medicare number,
- hanging up the phone if someone claims to be conducting a health survey and asks for any PII or PHI, and
- never giving medical or payment information over the phone to marketers who claim to be from Medicare or Social Security.
As with any type of identity fraud, continue to check your medical bills, mail, notices, explanation of benefits, and credit reports. If you see anything unusual on your medical documents, such as an incorrect bill, collection notice for something you did not receive, unpaid bills for services you did not receive, or incorrect dates, contact your healthcare provider right away. If your provider cannot resolve it, call Medicare. If you suspect Medicare fraud, contact HHS OIG. Additionally, you should contact the Federal Trade Commission (FTC) if you think someone is misusing your personal information. By periodically checking your documents and medical records, you’re already less susceptible and taking the right steps to avoid medical identity fraud.
The FTC urges consumers to get copies of their medical reports if they fear they’re a victim of medical identity fraud. Federal law gives you the right to your medical files. Check them for errors and then contact everyone involved from the doctors, to the clinics or hospitals, pharmacies and labs, and healthcare plans. The FTC also explains steps for consumers to follow if their medical records are incorrect. You can find more information and report cases of identity theft at identitytheft.gov.
Amy L. Rose
and VA Identity Safety Service