Data breaches first appeared just 10 years ago when certain states enacted legislation that required the public disclosure of data breaches impacting consumers. Now they’re part of the consumer vocabulary. That’s no surprise, given that breaches affect the financial and physical health of consumers. Identity theft is the fastest growing crime in the U.S., according to the FBI; an identity is stolen every 3 seconds, a recent Javelin Study found. This infographic, A Decade of Data Breach, provides a snapshot of identity theft and data breach over the last decadeand isavailable here:

Financial identity theft has become well understood in the U.S. over those 10 years and protecting consumers from harm has become an industry. But what is not well understood is that one of the fastest-growing trends in ID theft is medical identity theft, affecting over 2 million people in the U.S. in 2011.

With its serious health risks, medical identity theft is far more dangerous than consumer or financial fraud. For instance, when a victim’s medical records are merged with a thief using the same identity, that record becomes “polluted.” The victim may be denied treatment or be misdiagnosed based on this inaccurate information. In addition, patients may be denied life insurance or billed for services not rendered. A few real-world examples illustrate the dangers:

  • In Oregon, a pregnant woman delivered a baby addicted to crack using another woman’s social security number—and then abandoned the baby. Police arrested the victim and put her children into protective custody.
  • A hospital’s billing department notified a pregnant woman in Washington that someone had used her social security number to be treated for a crack overdose at the ER of the same facility where she was about to deliver her baby.
  • A patient in Texas used a California man’s medical identity to obtain radiation treatment. When patient’s records merge with the thief’s records, healthcare providers will think the patient has a condition he doesn’t have.
  • One woman used her sister’s medical ID to receive treatment for a serious sports injury. When chronic problems arose after she had her own insurance, she was denied coverage for treatment because there was no record of her initial injury.
  • Another woman couldn’t get physical therapy following neck surgery because a Miami clinic that she had never visited claimed her insurance benefits had been maxed out.

Healthcare organizations have a moral obligation to step up their privacy and security efforts to safeguard personally identifiable information (PII) and protected health information (PHI). And legislators need to update their thinking about data breaches and identity theft. It is not just consumers’ wallets and reputations we need to protect, it is the personal wellbeing of that consumer as well.