News of the Day ... In Perspective10/12/2006
Medical records theft damages credit ratings, threatens lives
Two years after his health insurance card was stolen, Joe Ryan is still fighting to restore his credit and clear his medical record of erroneous information.
“An insurance card is like a Visa card with a $1 million spending limit,” says Byron Hollis, national antifraud director of the Blue Cross and Blue Shield Association.
Research conducted by the World Privacy Forum suggests that between 250,000 and 500,000 Americans have already been victims of medical identity theft.
False information can prevent the victim from getting insurance or certain jobs—or lead to dangerous errors in emergency care. One woman found that her blood type had been changed in the hospital record.
Information from the thief’s medical history is widely dispersed among caregivers, labs, and insurance companies, making it extremely difficult to set the record straight. Doctors may be reluctant to expunge erroneous information lest they be exposed to liability. For example, if they eliminated a note about severe back pain, they might be prosecuted for an illegitimate prescription for OxyContin, which would remain on file at the pharmacy. With computerized medical or claims records, the erroneous information still remains on archived backup files.
Some victims have discovered the problem when insurance was denied because they had inexplicably reached their benefit cap.
While most cases to date have involved drug peddlers and health freeloaders, some states are seeing a connection with organized crime.
Fraud experts are concerned that the National Health Information Network could open the door to even more identity theft (Max Alexander, Readers Digest, November 2006).
The Government Accountability Office (GAO) said it has discovered 47 weaknesses in the computer systems used by the Center for Medicare and Medicaid Services (CMS) to send bills and communicate with health care providers. The report focused solely on data transmission and did not assess the security of systems that store patient data (Kevin Freking, AP 10/3/06).