Home

  • Home
    • » e-Newsletters

Medical identity theft an increasing challenge: Educate your staff to protect patients and your facility

HIPAA Training Advisor, August 21, 2008

It’s a hot topic everywhere—in television commercials, movie plots, and on the nightly news. And it’s a growing concern. It’s identity theft.
 
Traditional identity theft is a familiar problem in the United States. Victims of identity theft brace for its effect on their finances and credit ratings. Medical identity theft is less well known, but it is just as problematic for patients, hospitals, and insurers.
 
Protecting against medical identity theft is a tall order for overburdened and understaffed hospitals, but its importance can’t be overstated. Medical identity theft has significant short-term and long-term implications for everyone involved. That’s why educating staff members on what medical identity theft is, whom it affects, how it affects them, and how to fight it is essential.
 
Why you should be concerned
 
Hospitals are often concerned about reputation and bottom line and medical identity theft can adversely affect both. For example, a hospital might inadvertently provide services to someone using a false identity and have little chance of receiving reimbursement for them. And reconciling illegitimate medical records created as a result of a theft means more headaches. Further, affected patients face a long, difficult road as they try to restore their credit history. And the hospital—particularly if it is directly at fault—faces a PR nightmare.
 
There hasn’t been a substantial number of criminal cases involving healthcare staff members who intentionally commit medical identity theft, says William H. Roach Jr., MS, JD, a partner at McDermott Will & Emery, LLP, in Chicago. Generally, medical identity theft occurs when staff members inadvertently publish PHI—employee error being far more common then intentional misconduct. However, the potential for medical identity theft to occur as the result of malicious intent exists, and it is a huge risk for providers, says Roach. “As more covered providers move to electronic health records for their patients, the risks of inadvertent disclosures and of intentional theft of information increase,” he says.
 
A victim of identity theft may face the following problems, says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR:
  • Potential civil and criminal action if an insurance company tries to collect bad debt associated with fraudulently obtained medical treatment and/or fraudulent claims payment.
  • Creation of a medical record that is incorrectly associated with the patient. The false record could include conditions that cause problems with respect to obtaining coverage.
  • Potential labeling as someone who exhibits drugseeking behavior.
  • Potential employment discrimination if certain conditions that can stigmatize their victims, such as alcohol and/or chemical dependency and mental illness, incorrectly become part of a patient’s record. 
What you can do
 
Hospitals should consider adopting the following big-picture strategies to minimize the likelihood that medical identity theft will affect their organizations:
  • Initiate comprehensive training that explains what medical identity theft is and the extent of potential damage to affected hospitals and victimized patients
  • Conduct routine reviews of employee performance to discover potential wrongdoing
  • Reinforce an internal culture of compliance that originates with the board of directors and CEO
  • Training should focus on fine-tuning patient identification tasks that staff members already perform. Teach your staff to recognize potential warning signs, such as a frequent visitor who uses different names, and to report suspicious situations to administration.

Most Popular