From OST
Jump to: navigation, search
                                  Identity Theft and Medical Identity Theft

What is Medical Identity Theft?

Medical identity theft is when someone steals your personal information and uses to commit health care fraud.

What is Identity Theft?

Identity theft is when someone uses your personal information to obtain credit, take out a loan, open accounts, get identification, and pretending to be you. Under Federal law it constitutes a felony under any applicable state or local law. Identity Theft and Assumption Deterrence Act, the amended title 18 U.S.C § 1028 is related to fraud activity in connection with documents (identification), authentication, and information established penalties for this type of crime. Differences between identity theft and medical identity theft.

The differences between identity theft and medical identity theft are the following: Medical identity theft can be stolen according to Lafferty (2007) using both identity theft and medical theft. The author explained different methods of how medical information is stolen: 1.Friends (the two first when are in need) 2.Family 3.Professionals dishonest (clerks, nurses, physicians) 4.Clinic takeovers 5.Opportunists

Identity theft may use different methods for obtaining information about the victim: 1.Dumpster diving (look your personal information in the trash can such as bills or other paper) 2.Skimming (steal credit/debit card numbers) 3Phishing (send pop-up messages or spam, use financial institutions) 4.Changing your address (divert billing statements to another location) 5.Old-fashion stealing (steal wallets, and purses; e-mails and so forth) 6.Pretexting (use false pretenses for obtaining personal information, for example, financial institutions, telephone companies, etc)

How medical theft is typically accomplished?

American Health Information Management Association, 2008 Proposes strategies an organization can implement to stop identity theft As an executive of an organization, the data can guard implementing new policies and encrypting all information, just after a depth background for who is going to handle this sensitive information, and put software where she/he is doing in the computer.

I will have a control of the patient’s personal data. Also, I am not giving authorization for the use of laptops and the storage of medical or/and insurance companies as well patients. When the people are hired, they need to sign a paper where is they doing comply with the policies, and rules they will be going to prosecute according the federal and state laws. According to Deltoitte Consulting LLP. (2006) illustrated other strategies for implementing and combat identity theft as follows: Management safeguards: a.“Executive sponsorship b.Formalized policies and procedures c.Education and awareness for both consumers and employees d.Employee code of conduct/ethics

Operational safeguards a.Data encryption b.Documented response plan to address specific threats c.Collaboration with industry groups and other third parties d.Segregation of duties e.Dynamic fraud monitoring and investigative process f.Periodic audits g.Have almost no PII (Personal Identification Information) on paper

Technical safeguards a.Encryption for stored and transmitted data b.Fraud detection rule-base systems, neural based system c.Software intelligence to detect internal fraud d.User provisioning systems e.Secure channels of communication (voice, fax, electronic)” (Deltoitte Consulting LLP, 2006)

       An organization is supposed to protect personal data using encryption. Also, organizations had had to evaluate data breach.  Investigation or audit should help to obtain evidence. Digital forensics will be one way for investigating a data breach, because examining computers it can determine when and what occurred. 
       Digital evidence will be a crucial evidence when is investigating any organization for finding illegal activity, failures or forensic evidence.Proposes strategies an organization can implement to stop medical identity theft.

An organization can implement to stop medical identity theft monitoring and response (e.g. administrative, technical, or physical safeguards, and so forth). In fact, professionals, health care organizations, plans, and stakeholders must work and establish preventive programs. Preventive measures are: 1.Prior to hiring ensure appropriate background checks of employees, and associates. Also check periodically after hiring 2.Establish patient verification processes (IDs verification, e-mail or Internet access) 3.Social Security number (SSN) avoid to use as identification on any document or personal data 4.Restrict access and locks or encrypt individual identification information 5.Release of liability to cover against possible claims 6.Implement and comply new rules and policies for disposal, destruction, etc 7.Implement and comply new policies and procedures to ensure security and privacy to individuals (e.g. limited access to electronic health information, minimum access controls, unique user identification and password controls, encryption as a best practice, and so forth) 8.Create an alert for medical records 9.Develop identity theft response plan and policy 10.Apply state laws 11.“Complete a preemption analysis addressing HIPAA’s permitted disclosures to law enforcement (§164.512(2)(5)) versus state law, determining when there is a need for court order, subpoena, or patient authorization)” (American Health Information Management Association, 2008) 12.Staff training programs for best practices and policies providing an appropriate protection.

In summary, identity theft as well medical identity theft is a national problem with global implications. For that reason, with this growing “industry”, organizations must combat and thwart this crime. Furthermore, new laws and regulations passed at the federal and state level where identity theft is enforcement for being executed.

The effect on an organization should be disastrous, because some employees who perform data entry tasks are involved of business record thefts (e.g. payroll or records). For that reason FACTA (Fair Access to Credit Transactions) Act goes into effect. Identity theft in any organization or business affects to the consumer and the business or organization in different ways. This type of crime affects business at all levels, some statistics showed the different concerns such as identity theft cost vary between business and consumers. Further, it is number one crime in the nation.

While on the other hand, for securing data, HIPAA imposed, and develop adequate security products and resources. New technologies are being used, and companies are applying this security rule. For example an anti-fraud system, and digital signature where is alerting employee when a new virus is released or an e-mail is scam which can have potentially damaging. It is a partial solution when you are transferring billing via e-mail.

However, organizations must use background screening for new employees and develop and implement risk management solutions that mitigate security vulnerabilities such as controlling who has access to secure or private information to be sure that no one has unrestricted access. Owners of business as well executives need to pay attention to identity theft, especially in the financial costs of a data loss, they must prioritize this point, and put in practice or taken action in preventing identity theft and data loss. The rapid growth of identity theft crime signifies with a critical issue with which to deal. Finally, these new regulations and the effect on identity theft as well medical identity theft, organizations or any other business are working for preventing this crime. Today organizations when are hiring new people use a depth background screening. It is a way for mitigating the fraud. The solution for organizations is encrypting personal data, as well IT department is responsible for maintaining safety the data. If organizations prepare the network system, and mitigate the costs as well penalties, it cannot encounter problems.

Today, organizations and companies are working for offering a more secure data to customers. In addition, these organizations educate to public, but on the other side are impossible to stop this type of crime. This research paper need further investigation, because this type of crime is continuing more and more, and protecting customers their private personal data from these thieves will take a long time. Why? Because new technologies are going to create, and these criminals are more skilled and prepared for continuing their attacks.




References American Health Information Management Association (2008). Mitigating Medical Identity Theft. Retrieved August 13, 2009 from http://library.ahima.org/xpedio/idcplg?IdcService=GET_HIGHLIGHT_INFO&QueryText=xPublishSite+%3CMatches%3E+%60BoK%60+%3CAND%3E+((xSource+%3Csubstring%3E+%60AHIMA+Practice+Brief%60+%3CNOT%3E+xSource+%3Csubstring%3E+%60Practice+Brief+attachment%60)+%3CAND%3E+dSecurityGroup+%3Csubstring%3E+%60Public%60)&SortField=xPubDate&SortOrder=Desc&dDocName=bok1_039058&HighlightType=HtmlHighlight&dWebExtension=hcsp Deltoitte Consulting, LLC (2006). Identity Theft: Understanding the Experience of Private Sector Organizations. Retrieved August 13, 2009 from http://www.deloitte.com/dtt/cda/doc/content/us_ps_idtheftprivatesector_261006.pdf Federal Trade Commission (2009). About Identity Theft . Retrieved August 13, 2009 from http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html Federal Trade Commission (2009) Who Cares: Sources of Information About Health Care Products and Services. Retrieved August 13, 2009 from http://www.ftc.gov/bcp/edu/microsites/whocares/medicalidt.shtm Holtfreter, R., and Holtfreter, K. (2006). Gauging the effectiveness of US identity theft legislation. Journal of Financial Crime, 13(1), 56-64. Retrieved August 5, 2009, from ABI/INFORM Global. (Document ID: 994688151).


Christine Stagnetto-Sarmiento©2009