Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Awards
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
    • Women in Healthcare
    • - Luminaries
    • - Top 25 Diversity Leaders
    • - Leaders to Watch
    • - Luminaries
    • - Top 25 Women Leaders
    • - Women to Watch
  • Events
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Custom Media Event: ESG Summit
    • Transformation Summit
    • Women Leaders in Healthcare Conference
    • Social Determinants of Health Symposium
    • Leadership Symposium
    • Health Care Hall of Fame Gala
    • Top 25 Women Leaders Gala
    • Best Places to Work Awards Gala
    • Top 25 Diversity Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain Revenue Cycle
    • - Hospital at Home
    • - Workplace of the Future
    • - Strategic Marketing
    • - Virtual Health
  • Listen
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
March 04, 2015 12:00 AM

Data breaches can lead to major medical identity theft issues

Bob Herman
Darius Tahir
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    A healthcare data breach, such as the recent massive one at health insurer Anthem, means more than lost data for a patient: it can mean lost money and, in the most extreme circumstances, a completely altered medical history.

    The financial ramifications can come when credit card and identity information is stolen. For example, the Community Health Systems breach in summer 2014 has caused several lawsuits alleging specific harms to patients. William Lutz, a CHS patient in Lafayette Hill, Penn., contends the data loss resulted in hackers making more than $40,000 in illegal charges and setting up new financial accounts in his name.

    Hixie Lewis, a CHS patient in Alabama, said a third party opened—and maxed out—two credit cards to Victoria's Secret, which is still pursuing her for the debts run up on the cards. Class-action lawsuits against Anthem have popped up and allege potential financial harm.

    However, in both cases, the companies have maintained patients' medical data was not compromised. Theft of medical records poses not only financial but also potentially life-threatening harms to patients. Yet, a lack of public indignation about such breaches indicates the industry has not hit a tipping point that will force it to change its procedures by spending more on data security.

    A February 2015 report from the Ponemon Institute surveying medical identity theft victims—whose ranks are often swelled by data breaches—found that of the surveyed patients, about two-thirds said they had paid money to resolve the theft. Those patients paid an average of $13,500.

    Stealing medical identities is done to commit healthcare fraud. As a result, “you have to reimburse either the healthcare provider or your health plan for a medical good or service that the identity thief enacted,” said Ann Patterson, senior vice president of the Medical Identity Fraud Alliance.

    Unlike in the credit card industry, where cardholder liability is limited for fraudulent charges, patients often have to pay either the insurer or the provider in question, she said.

    Cletis Earle, chief information officer of St. Luke's Cornwall (N.Y.) Hospital, said the perpetrators of such fraud are often individuals who don't want to pay for care, or don't have a legitimate identity for doing so—for example, opioid addicts who need to doctor-shop.

    Once care is done, several experts agree, the results can follow a patient for years regardless of whether the payment issue is resolved. That's because a record of care bearing the patient's identity has been created.

    Pam Dixon, executive director for the World Privacy Forum, noted that a patient could wrongly have an allergy crossed off the list, for example. If a fraudster is treated using that antibiotic, the record might cause a new notation—that the patient in question isn't allergic.

    That permanence is due to an unfortunate feature with the electronic health-record system, Patterson said. “With your financial credit report, when you see something that's incorrect, there's a dispute process,” she said. “You can have things removed that are inaccurate from your report.”

    With EHRs, data can't get removed. Annotated, perhaps, stating that the data is incorrect. But not necessarily removed. “You have this lifelong corruption of your record,” she said.

    Earle said that particular technological quirk might get resolved in the future. If data-sharing between EHRs becomes more advanced, and data is more easily reconciled, such problems could become resolved—and patients could find it easier to check for potential identity theft.

    But it's difficult right now to check for the medical implications of identity theft. The Ponemon Institute report found that identity theft victims don't frequently check their own records. Only 17% of those patients check their records for accuracy most of the time.

    Getting patients to check their records is a government requirement under the EHR subsidy program. And it's one providers struggle with achieving. November 2014 government data found that 49% of attesting hospitals had only barely passed the second stage requirements for the program—they needed 5% of patients to view their records, and got between 5-10%.

    If patients don't check the data themselves, can they rely on automated tools to do it for them? Most affected institutions seem to provide credit monitoring services to patients whose data is breached.

    But that's not universal. For example, after a 2011 data breach, Sutter Health in Sacramento, Calif., did not offer credit monitoring services. A spokeswoman said that the decision was based on the types of data lost in the breach, which was not financial.

    Some question whether credit monitoring is enough. “It does need more scrutiny, and it does need more attention,” said Steven Russo, executive vice president of cybersecurity firm CertainSafe.

    The credit monitoring services do not scrutinize medical claims. Patterson isn't aware of many firms that do.

    “Unlike financial reports that are housed at the three credit bureaus … there is no central repository where your medical record is housed,” she explained. As such, it's a challenge for an interested firm to aggregate the data.

    Despite the medical and financial issues associated with the rising number of data breaches, backlash against affected firms appears to be muted. Josh Raskin, an analyst at Barclays Research, said he doesn't think investors care a great deal about the Anthem data breach “because the financial ramifications don't appear to be great.”

    Raskin's analysis appears to be shared by others. Louise Norris, a health insurance broker in Wellington, Colo., said that “the Anthem hack has been pretty much a non-issue for our clients.”

    At close of trading Tuesday, Anthem was trading at $145.99 per share, not far from its 52-week high of $148. Wall Street appears to be equally sanguine about Community Health Systems, which traded at $49.59 as of the close, compared to $47.24 in early August last year.

    Community Health Systems has held two quarterly earnings calls since the August 2014 disclosure of the breach and neither executives nor analysts have discussed it in those calls.

    In its annual Securities and Exchange Commission filing, it focused on the potential negative effects of litigation related to the breach, rather than a deterioration in consumer confidence. A CHS spokeswoman said the company would not comment beyond what is included in SEC filings.

    Anthem's yearly filing with the SEC is similar. Anthem also declined to comment for this story.

    However, a Ponemon Institute report said 48% of identity theft victims would consider leaving a provider in question. Dixon of the World Privacy Forum added that her organization has "never gotten such a large response as we have to the Anthem breach. They [consumers] are taking it much more seriously, and they are very angry.”

    Breach issues will likely only continue, Patterson said. Hackers are becoming more sophisticated at stealing and criminally exploiting data. The number of patient records breached increased 25.5% in 2014, according to Redspin, an information technology security firm.

    Follow Darius Tahir on Twitter: @dariustahir

    Follow Bob Herman on Twitter: @MHbherman

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    woman sitting at desk looking at phone
    Data privacy concerns emerge after Roe decision
    Helix, Memorial Hermann Health System partner on population genomics project
    Helix, Memorial Hermann Health System partner on population genomics project
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Nominate/Eligibility
      • 100 Most Influential People
      • 50 Most Influential Clinical Executives
      • Best Places to Work in Healthcare
      • Excellence in Governance
      • Health Care Hall of Fame
      • Healthcare Marketing Impact Awards
      • Top 25 Emerging Leaders
      • Top 25 Innovators
      • Diversity in Healthcare
        • - Luminaries
        • - Top 25 Diversity Leaders
        • - Leaders to Watch
      • Women in Healthcare
        • - Luminaries
        • - Top 25 Women Leaders
        • - Women to Watch
    • Events
      • Conferences
        • Transformation Summit
        • Women Leaders in Healthcare Conference
        • Social Determinants of Health Symposium
        • Leadership Symposium
      • Galas
        • Health Care Hall of Fame Gala
        • Top 25 Women Leaders Gala
        • Best Places to Work Awards Gala
        • Top 25 Diversity Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain Revenue Cycle
        • - Hospital at Home
        • - Workplace of the Future
        • - Strategic Marketing
        • - Virtual Health
      • Webinars
      • Custom Media Event: ESG Summit
    • Listen
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing