Medical identity theft up 20% since 2012

Many people do nothing to prevent medical identity theft, largely because they don't know how, according to a new survey report from the Ponemon Institute.

It estimates the number of victims at 1.84 million, an increase of nearly 20 percent in the past year, and puts the annual cost to consumers at $12 billion. The institute also announced a public-private effort, called the Medical Identity Fraud Alliance, to address the problem.

It defines medical identity theft as when one person uses another's name and personal information to fraudulently obtain medical services, prescription drugs or submits fraudulent billing. The consequences can be deadly.

The institute found:

  • Half the consumers surveyed were not aware that medical identity theft can create life-threatening inaccuracies in their medical records through misdiagnosis, mistreatment or the wrong prescriptions.
  • Medical identity theft victims surveyed experienced a misdiagnosis (15 percent of respondents), mistreatment (13 percent), delay in treatment (14 percent) or were prescribed the wrong pharmaceuticals (11 percent). Half of those respondents who have been victims of identity theft have done nothing to resolve it.
  • Fifty-four percent of consumers do not check their health records because they don't know how--and they trust their healthcare provider to be accurate.
  • Thirty percent of respondents had allowed a family member to use their identity to receive medical treatment; 20 percent said they couldn't remember how many times they had done so.

"Medical identity theft is tainting the healthcare ecosystem, much like poisoning the town's water supply. Everyone will be affected," said Larry Ponemon, chairman and founder of the Ponemon Institute.

Consumers can help ensure the accuracy of their records by taking steps such as reviewing and reporting inaccuracies in their Explanation of Benefits, safeguarding health insurance cards and paperwork, and checking annually the benefits paid by their insurer.

Medical identity theft can wreak havoc on providers, as well. The institute previously reported that when a physician's professional identifiers are stolen, they can spend a year and more than $22,000 trying to clear their name.

And no hospital wants to be in the news from disgruntled employees stealing and potentially selling patient information.

While most healthcare organization understand the risks of a breach, including violating the Health Insurance Portability and Accountability Act, many aren't taking the proper steps to prevent one, a Ponemon report published in April found.

What's more, Ponemon's third annual study on patient privacy and data security--published in December--determined that a whopping 94 percent of the 80 participating healthcare organizations experienced at least one data breach that they were aware of in the past two years; 45 percent of those organizations said they experienced more than five incidents during that time. According to the report, such breaches cost organizations a total of $6.78 billion annually.

To learn more:
- access the survey (registration required)
- find the announcement

Read more on