Ronnie Bogle is a victim of medical identity theft—a condition that could have proven fatal.

“I am severely… allergic to penicillin, and if they had given me that I wouldn’t be sitting here,” Ronnie told NBC affiliate KING5. His compromised medical identity—a common problem with medical identity theft—puts him at risk for a lethal dose of the antibiotic.

Linda Reed, CIO of Atlantic Health System Inc., told the Wall Street Journal, “Medical identity theft is a big issue. They steal your medical identity and have a procedure or treatment done, and it’s fused with your records.”

Medical Identity Theft Is More Common Than You Think

In an era of healthcare data breaches, Ronnie’s experience is neither unique nor rare. The newly released Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, conducted by Ponemon Institute, indicates that more healthcare organizations and BAs are aware of medical identity theft cases that have occurred since last year’s study. In addition, respondents agree that patients are at an increased risk for financial and medical identity theft if their protected health information is exposed.

And the Fifth Annual Study on Medical Identity Theft found that not only is this type of fraud consistently growing, it nearly doubled in the five years of the study, from 1.4 million adult victims in 2010 to over 2.3 million in 2014.

Download: The Medical Identity Theft eBook

HIPAA Hinders Victims of Medical Identity Theft

Ronnie Bogle’s troubles began when his brother Gary stole Ronnie’s medical identity and used it to receive expensive treatments at hospitals from Florida to Washington. In addition to health risks, Ronnie was left financially responsible for thousands of dollars for care that he never received. However, as he told KING5, HIPAA’s privacy laws precluded him from getting the information he needed to fix the problem.

“The moment you say identity theft, they say, ‘Because of HIPAA, we can’t talk to you any more,’” Ronnie said. “I’m talking about hospital, after hospital, after hospital. ‘We have to protect the rights of the person that was actually treated. So, therefore Ronnie, if you are telling us this is not you, we can’t talk to you any longer.’”

That’s not to say that regulators are unaware of the problem of medical identity theft. “Identity theft is pervasive throughout health care,” Gary Cantrell, deputy inspector general for investigations at the U.S. Department of Health and Human Services’ Office of Inspector General, told the Wall Street Journal. “We see it as a growing concern.”

Matching the Solution to the Problem

Despite the rising threat of medical identity theft, most respondents in the Ponemon study say they don’t offer any protection services for breach victims, nor do they have a process in place for correcting errors in victims’ medical records. And healthcare organizations that do offer identity monitoring and protection services to breach victims often miss the mark. For instance, they offer credit monitoring to patients whose medical identity has been exposed. This is, as we’ve noted, like treating a broken leg with a heart transplant.

Analysts have been critical of the type of identity protection services offered to breach victims. Regarding one particular identity protection offering, Forrester analysts noted: “Unfortunately, customers saw free credit monitoring services as an empty gesture—the onus was still on the victims to protect themselves and younger family members from financial or medical identity theft that may occur years down the road.”

Hospitals and other providers can no longer afford to miss the mark. Healthcare organizations that don’t provide breach victims with identity protection services need to start. And healthcare organizations that offer inadequate or mismatched protection have the opportunity to bring greater peace of mind and protection to patients by aligning the solution to the problem—a problem, that as Ronnie can testify, is not going away any time soon.

This is why the medical identity fraud alliance (MIFA) was founded, to help bring awareness to this alarming problem. Its mission is to strengthen the healthcare ecosystem by working to reduce the frequency and impact of medical identity fraud. Members and partners include healthcare providers, health plans, their business associates, other trade associations, academia and public organizations. Organizations can learn more by visiting