
Legal experts say lawbreakers use medical information to get credit card numbers, drain bank accounts or falsely bill Medicare and other insurers.
Hospitals and other medical settings often encrypt data and take other steps to protect privacy, but "people are acting with increasing sophistication to steal information," says Stuart Gerson, a Washington, D.C.-based attorney who represents health care firms.
Those intent on crime "attempt to gain the assistance of insiders" and use new techniques to capture data from files, even those that are encrypted, he says.
Pam Dixon, executive director of the World Privacy Forum, an advocacy group, says "sophisticated crime rings" often can make more money by stealing medical identities than by going after individuals' bank accounts or credit cards. "If you steal someone's medical identity, then multiply that by 100 or 1,000" other thefts "and do fake billings, you can make hundreds of thousands, if not millions, of dollars," Dixon says.
In Florida last year, a front-desk coordinator at the Cleveland Clinic was convicted of identity theft, computer fraud and other charges after downloading patient information and selling it to a cousin, who submitted more than $2.5 million in phony bills to Medicare.
In April, a former New York-Presbyterian Hospital employee was arrested for participating in an identity theft scheme in which he allegedly accessed nearly 50,000 patient records over two years.
False information from fake billings can end up in patients' medical files — and creditors might seek payment from the patients. Until the creditors call, patients might not know their medical information has been accessed.
In a recent survey of 263 health care providers, 13% said their facility had experienced a data breach. Of those, 56% said they notified the patients involved, according to the survey by HIMSS Analytics, a non-profit data analysis firm, and Kroll Fraud Solutions, which offers security-related services.
In January, California began requiring that consumers receive notice when their medical information is improperly accessed. It is only the second state, besides Arkansas, to do so, Dixon says.
Get the full article here http://www.usatoday.com/news/health/2008-05-06-privacy_N.htm
< Prev | Next > |
---|