There are several recent studies showing medical identity theft and medical fraud increasing. There are several converging factors such as the high black market value of protected health information (PHI) and the recent, dramatic increase in electronic PHI and electronic health records (EHR), fueling the increase in medical identity theft and medical fraud. It does not appear that this trend will subside soon.

Devices & IoT: How Your Gadget Could Be Your Security Downfall

What are the risks of medical identity theft?

Most consumers when asked about the risks associated with medical identity theft, think about an identity thief getting access to prescriptions (i.e. opioids) or services using someone else’s health insurance. While these are risks, there is actually a risk to patient safety associated with a patient’s electronic health record being changed as the identity thief uses the patient’s medical identity.

What are the risks to patient safety?

  • An increasing number of medical records are being corrupted with erroneous medical information, putting the victims of this type of identity fraud at a serious health risk.
  • When medical identity fraud is perpetrated, the victim’s health information becomes corrupted, or comingled, with that of the identity thief’s health information.
  • Unlike financial identity theft, medical identify theft has the potential to negatively impact health outcomes for its victims.
  • When an individual’s medical record is corrupted with information from an identity thief, the victim may suffer misdiagnosis, mistreatment or experience a delay in receiving the proper healthcare due to confusion about the individual’s actual health status. Information such as allergies, blood type and diseases may be incorrect in a health record.
  • Studies show that over 20% of medical identity fraud victims have experienced misdiagnosis, mistreatment or a delay in receiving care due to misinformation or confusion about their true health status or health history. Improved fraud reduction programs can reduce these negative health outcomes, increasing quality improvement.

Is there an app to help consumers detect medical identity theft?

Consumers have gotten accustomed to receiving alerts from their financial institutions when a checking transaction occurs or their credit card company when a purchase is made outside of their home state. I expect consumers will have an expectation that the healthcare industry will also provide alerts when their health insurance number is used to get a prescription filled, or when a doctor is checking the status of their insurance eligibility for a procedure, or when their health plan is paying a claim for services.

The current technology to help consumers detect medical identity theft is based on monitoring the dark web. The current technology scans the dark web, specifically internet chat rooms where criminals are selling health insurance numbers. The technology then sends an alert to the consumer indicating this activity is occurring.

With dark web monitoring, the onus is on the member to provide their “Medical ID” which could take on many forms (subscriber ID, group ID, medical record number, Medicare number, etc.). Beyond that, the member must also be aware they would be best served to provide more than just one piece of medical ID-related information if they want to ensure the most complete coverage blanket. More likely, a member might provide only one medical-related ID and generic dark web monitoring, for example, will monitor for that one ID, creating gaps in monitoring coverage. If dark web monitoring finds it somewhere in the open through an internet scan, it will return that ID value as an alert. At that point, the member has to decide what action to take which is difficult since there is little to no information to act on like you get from a credit monitoring alert which indicates a fraudulent account being set up.

New technology available to detect medical identity theft

There are new medical identity monitoring technologies in the marketplace that significantly improve a consumer’s ability to receive alerts when their medical identity is being used and more importantly to be able to identify and act on the alert. This new technology acts on eligibility and insurance claim data being submitted to your health plan to trigger an alert for the consumer.

The difference between a generic dark web monitoring and the new medical identity monitoring technology is it will alert the member if their medical identity is actually being used while the cyber monitoring service only detects if the ID is “out in the open” on the internet. Medical identity monitoring mines healthcare data at the EDI transactional level and surfaces alerts to the member based on member preference, analytics and a calculated risk score, ensuring the alert to the member has precedence and meaning. With this alert, the member has the power to conveniently validate or invalidate the nature of the specific health care transaction that took place in their name and under their healthcare benefits.

Put simply, dark web cyber-scans only monitor for the presence of medical IDs on the dark web, and only provide as much coverage as the member who provides their information to be monitored (one medical ID vs many medical IDs). Furthermore, if the cyber scan does return a match, there is still no additional value added to the member on what they can do or if their medical identity is being used by the thief. On the other hand, medical identity monitoring goes further and monitors actual activity (claims, benefit eligibility requests and ePrescribing activity) and can provide the member with actionable insight and proactive call to action.

Devices & IoT: How Your Gadget Could Be Your Security Downfall