Differences between identity theft and medical theft with prevention strategies

Identity & Medical Theft

Identity Theft and Medical Theft

Identity theft occurs when a victim's name, social security number, or other personal identifying information gets used to commit fraud or other crimes (Lafferty, 2007). Fraudsters use the information to set up loan accounts, draw from the victim's bank accounts, or set up other charge accounts in the victim's name. Identity theft is governed by the Identity Theft and Assumption Deterrence Act as well as state statutes, such as Florida Statutes section 817.568, to criminalize identity theft. Other laws that govern identity theft are Identity Theft Victims Assistance Act of 2002, Identity Theft Prevention Act of 2001 (Identity Theft Laws) as well as the Fair and Accurate Credit Transactions Act (FACT Act) (Identity Theft Regulations). Identity theft can occur in any setting, including a medical setting, without being medical identity theft. Penalties for identity theft can be brought to organizations for not adequately securing against breaches and risk of damage to reputation for breach disclosures.

Medical identity theft is the falsification of a victim's medical records with information from the perpetrator and crime. It occurs anytime a person's identity, such as name, insurance information, is misappropriated to obtain medical services or goods or to make false claims for medical services or goods and falsify medical records to support those claims. Healthcare fraud is the falsification of medical records with or without identity theft. Medical identity core issues are the intentional misuse of personally identifying information and healthcare fraud is the intentional submission of false claims.

Medical identity theft is a combination of identity theft and healthcare fraud. It is both information and healthcare fraud and abuse that results in financial, medical, and other harms to victims, such as financial losses, false entries in medical records, the denial of insurance or the use of all available insurance benefits be "capped," loss of patient, physician, and healthcare organization reputation, depending on who is victimized. There is loss of time in correcting these damages as well as the loss of medical record privacy.

Medical identity theft falls into five categories. Bad guys get sick and use the victim's medical records and insurance information to obtain treatment. Relatives or friends will use another relative or friend's information to obtain treatment. Professionals can be dishonest and fabricate services to cover a medical error. Organized crime, or phony clinics, lures Medicare patients to charge the government for claims and usually close after a few months. Innocent or not so innocent opportunists, individuals who have access to confidential health information can steal, sell, or use the information for personal gain.

Organizations can guard data by maintaining strong security measures, including policies and procedures, access controls with usernames and passwords, authentication, and audit controls, and even encryption devices to protect personal medical information. Access controls can only allow employees to access information to do their individual job duties and hold each employee accountable for the information they access. Audit controls can identify what employees do in the information system.