News Feature | September 30, 2013

Survey Says Providers Should Do More To Prevent Fraud

Source: Health IT Outcomes
Greg Bengel

By Greg Bengel, contributing writer

A new survey from the Ponemon Institute offers some tips for provider organizations on how they can help protect patients from medical identity fraud

Traditionally, medical identity fraud is thought of more as a patient problem and less of a provider problem. A recent study conducted by Ponemon Institute with the Medical Identity Fraud Alliance (MIFA) and ID Experts called the 2013 Survey on Medical Identity Theft, however, does more than offer facts and tips for patients looking to avoid fraud. The study also offers some tips for provider organizations, and stresses the importance of organizations to work to reduce this fraud.

An article about the survey on Health IT Security says that providers are not doing enough in this regard, and that people trying to get that message across to them is nothing new. “It seems as though organizations don’t often respond to findings such as those found in the 2013 Survey on Medical Identity Theft unless government agencies are threatening them,” says the article. “So consultants and advisors are always looking for the best ways to get their messages across to healthcare organizations.”

The problem is devastating. According to the survey, 1.84 million people in the U.S. are affected by medical identity fraud. It is estimated, the survey says, that these victims lose more than $12.3 billion in out-of-pocket expenses due to medical identity fraud. Further, 50 percent of respondents said they take no steps to protect themselves from medical identity theft, and 48 percent of respondents say their identity theft case still has not been resolved.

According to the study, provider organizations must do more to help patients protect themselves from fraud. Health IT Security quotes Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, on how organizations need to do better. “What we’ve found is that a lot of organizations [just] within the last couple of years are starting to recognize medical identity theft as not just a patient problem but their problem as well,” he is quoted. “So they’re trying to resolve the issue by developing better forms of authentication and security. But I will safely say that while there are organizations that may be leaders in security, that’s not the majority of companies. Most still aren’t doing enough to prevent these patient crimes.”

Also quoted is Rick Kam, president and co-founder of ID Experts. “As Larry [Ponemon] and I have reported back on for the past three years, one of the points that we’ve been trying to get across recently is that of organizations viewing a breach as a low-frequency event that might occur, they should incorporating protecting protected health information (PHI) and personally identifiable data (PII) into their daily operations and risk management functions,” says Kam. “This includes annual risk assessments and evaluating BYOD policies and strategies.”

An article from JD Supra Law News concerning the survey points out that “Under the expanded provisions of the HIPAA Omnibus Final Rule, government regulators are holding providers accountable for incidents in which patient information is stolen and used to commit identity theft, regardless of whether the perpetrator is brought to justice. Additionally, victims of identity theft are increasingly resorting to class action litigation in an attempt to recover damages incurred as a result of the theft. These activities corroborate the results found in the Survey regarding patients' lack of trust and confidence in their healthcare providers.”