Football season is underway. Fans paint their faces, grab artery-clogging hotdogs, and yell the opposing team into oblivion. We must apply that same fervor to fighting medical identity theft. The Ponemon Institute’s 2013 Survey on Medical Identity Theftreceived national coverage—, The Wall Street Journal, and CNN to name a few—highlighting the societal nature of this crime.

Given its pervasive nature, the issue of medical identity theft cannot be tackled alone. It takes a team. The Medical Identity Fraud Alliance, which sponsored the Ponemon report, has assembled an impressive roster of industry players to fight this problem. Participants include health plans, healthcare providers, industry experts, and legislators, each with their part to do.

Tips for Healthcare Providers

Perhaps more than any other team member, healthcare providers create, process, and secure vast amounts of sensitive patient data. They play a crucial role in fighting medical identity theft. ID Experts recently published the HIPAA Final Omnibus Rule Playbook to help covered entities and their business associates come into compliance. The plays outlined in the playbook can help healthcare providers better protect PHI/PII against a breach, thus reducing the likelihood that a patient will become a victim of medical identity theft. A few of the key plays include:

Conduct a security risk analysis.Electronic health records have become a fact of life—putting more data and more patients at risk. A security risk analysis provides a prospective and in-depth analysis of the risks to your information assets involving electronic PHI and recommendations to meet the requirements of the HIPAA Security Rule.

Provide employee training.The Department of Health and Human Services requires periodic privacy and security training for all employees of healthcare organizations. This is critical, given that an industry survey[1] found that the leading source (38 percent) of breach incidents is due to lost paper files and that the leading source of discovery of these incidents is from non-IT employees.

Develop and test an incident response plan. Like it or not, data breaches are an everyday occurrence, and healthcare providers must be prepared. A ready-to-execute incident response plan can help minimize the impact of a breach incident on organizations and their patients.

A Game or a War?

With people’s lives at stake, medical identity theft is no game. It’s an ongoing battle against thieves, fraudsters, and even well-meaning family members to protect patients and their identities. The Medical Identity Fraud Alliance seeks to provide a solid defense against this crime, and the more who join, the better chance we have of winning. I encourage you to learn more at

[1] “Health data breach trends from HCCA, SCCE survey,” January 25, 2013,