Identity theft of health records has become a national epidemic, with 64,150 data breaches occurring since 2009 (including 24,429 last year alone) according to
the Office for Civil Rights, an arm of the US Department of Health and Human Services.
While health care providers are required by law to report any breaches under the HIPAA Act (Health Insurance Portability and Accountability Act), which is supposed to protect patients’ medical privacy, the risk for such theft has increased as they are being encouraged to record and store information electronically in order to cut costs. In fact, a report published in December, the Ponemon Institute (a privacy firm based in Michigan) and ID Experts, a data breach consulting firm from Oregon, “94% of 80 health care organizations surveyed admitted to at least one breach in the past two years.” 45% had more than five breaches during the same period.
Among these institutions is the North Shore-Long Island Jewish health system, which was sued for $50 million by 12 former patients last month, which charged that the organization was “negligent in allowing their medical information to be stolen.”
Similarly, North Shore University Hospital in Manhasset is facing a class action suit by more than 128 patients after it was revealed that an identity theft ring had “lifted the top sheet of their medical files that contained personal information including their social security numbers.”
Not only do identity thieves use the information to run up credit card bills, many have been found to charge their own medical procedures and tests to their victims’ insurance, corrupting their records and making it nearly impossible for them to make corrections because many hospitals argue that the false information can’t be over-turned without the consent of the imposter. There is also no guarantee that it won’t happen again.