Medical identity theft: The growing cost of indifference
While consumers grasp the importance of protecting their medical and personal information, few individuals take the necessary precautions to avoid medical identity theft, according to a study by The Ponemon Institute.
It is estimated that nearly 1.5 million Americans are victims of medical identity theft, up slightly from last year, according to this comprehensive study. Alarmingly, the average cost to resolve a case of medical identity theft stands at $20,663, up from $20,160 in 2010. Other key findings from the survey include:
Recognizing the importance of privacy does not equate to action
Despite consumer desires for medical data privacy and statistical findings of data vulnerability, people are not taking action to protect their valuable health information. Nearly 70 percent of study respondents felt it was important to have personal control over their medical records, and 80 percent felt that health care organizations should ensure the privacy of these records. However, these beliefs do not translate to action, as 49 percent of victims took no new steps to protect themselves after a crime.
Consumer indifference is fueled by lack of understanding of repercussions
Fifty percent of former victims chose not to report the incident to law enforcement at all, up from 46 percent in the 2010 study. The number one reason for this failure to report was the lack of resulting harm and the desire to not make it a big deal (43 percent).
In fact, more victims fear embarrassment (37 percent) than the loss of medical coverage (21 percent) or a diminished credit score (18 percent) as a potential result of medical identity theft.
“Our study shows that the risk and high cost of medical identity theft are not resonating with the public, revealing a serious need for greater education and awareness,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “We also feel these results put an even greater onus on healthcare organizations to make the security of sensitive personal health information a priority in order to protect patient privacy.”
Medical data breach notification fails to protect the consumer
The risk of medical identity theft lies beyond consumer control, as health care organization data breach accounts for a significant portion of reported incidents. When a breach occurs, the organization normally is required to inform the affected people, depending on state law notification requirements. However, only 5 percent of victims learned of their theft from a data breach notification, which is especially troubling when considering that data breach accounted for 14 percent of all theft instances. This includes breaches involving health care providers, insurers or other related organizations.
Consumers are uninformed of new health care reform policies
The majority of survey respondents (55 percent) are not familiar or have no knowledge of the new policies, and 79 percent are not aware of the creation of a national electronic database of Americans’ health information.
Furthermore, 33 percent believe that a national electronic database will increase the risk of medical identity theft. The lack of general awareness makes consumer education about medical identity protection all the more critical in the face of shifting policy.
Medical identity theft is a family affair
The study also revealed the startling rate at which medical identity theft occurs between family members. In fact, theft of this nature accounted for 36 percent of all victim responses, making it the most common type of theft.
The frequency of family-related medical identity theft contributed to the most commonly stated reason (51 percent) why victims elected not to report a given incident: the victim discovered that he or she knew the thief and did not want to report him or her.