California Attorney General Kamala Harris has issued a report containing recommendations for preventing, detecting and mitigating the effects of medical identity theft.
As electronic health records become more prevalent, identity theft is not just a financial issue for victims but a quality of care issue as incorrect demographic, diagnosis and treatment data can be in a patients EHR. Nearly half of medical identity theft victims shared their information with a relative or friend to help them receive medical treatment, according to a recent survey by the Ponemon Institute. Those numbers should fall, Harris notes, as more uninsured and underinsured individuals receive coverage through the Affordable Care Act.
But more vigilance is required of multiple stakeholders to reduce incidents of medical identity theft, Harris says. The recommendations include:
Providers: Build awareness of the issue within an organization, educate patients and implement technology to detect anomalies, supplemented with policies that ensure all red flags are investigated. Offer affected patients a free copy of relevant parts of their record to check for signs of fraud, make prompt corrections and remove the thiefs information, or leave the information and flag it as not from the patient.
Insurers: Improve the usability of explanation of benefits with information on how to report errors. Notify known victims of medical identity theft when a claim is submitted to their account. Use software to flag suspicious claims, and immediately correct a patients claims record when theft is confirmed to avoid benefits being capped or terminated.
Health Information Organizations: Build capabilities to prevent, detect, investigate and mitigate identity theft, and adopt policies that recognize the possibility of theft.
Policymakers: Consider these recommendations when developing standards for electronic health records and health information exchange. The Department of Health and Human Services should include a medical identity theft incident response plan as a certification requirement or best practice for HIEs, health information organizations and accountable care organizations.
The 31-page report, Medical Identity Theft: Recommendations for the Age of Electronic Medical Records, is available here.
This article was first published in Health Data Management, a Collections & Credit Risk sister publication.