California DOJ unveils guide to fight EHR-oriented medical identity theft

California's Department of Justice has published a new guide to help providers, payers and others combat medical identity theft of patient information held electronically.

The 31-page guide outlines a number of best practices for dealing with this insidious form of identity theft, which California's attorney general Kamala Harris calls "the privacy crime that can kill." The guide notes that "[s]trategic use of technology can help prevent, detect and mitigate the harmful effects of the crime."

Some of the recommendations include:

  • Using the audit capabilities of electronic health records to aid in detecting unauthorized access to patient records
  • Utilizing electronic flagging of compromised patient records
  • Alerting health information organizations of incidents of electronic medical identity theft
  • Offering copies of the relevant EHRs to patients for free so they can review them for signs of fraud
  • Implementing an identity theft response program
  • Including medical identity theft "red flag" requirements in Stage 3 of the Meaningful Use program

"EHRs can simplify meeting records re­quests and improve the role of patients in detecting signs of fraud in their medical records," the guide notes. "With the patient's participation, many errors could be detected sooner and potential medical identity theft flagged before the harm escalates."

Patient records in EHRs can be particularly vulnerable to privacy and security violations, leading to financial and medical identity theft and other inappropriate use of the information.

To learn more:
- here's the guide (.pdf)