Medical ID Theft and Tying Patients to Electronic Records with Strong Authentication

The New York Times recently published an interesting article on the rising problem of medical identity theft. When the federal government last researched the issue in 2007, more than 250,000 Americans reported that they were victims of medical identity theft. Since that last report, most experts agree the problem has undoubtedly grown, in part because of the growing use of electronic medical records built without extensive safeguards. To exacerbate the situation, cleaning up after medical ID theft can be hindered by HIPAA compliance – the regulations protect the medical information of the ID thieves as well as you.

Medical ID theft is an issue that can impact anyone. From a financial standpoint, if your identity is stolen and then used to receive emergency care, the insurance payments and collections can follow you around for years – without the victim even knowing it. This can destroy credit ratings or create a situation where insurance benefits limits are exceeded at a time when a legitimate claim is made.

More important than the financial impact is the potential impact on the healthcare or treatment a victim receives. Once a medical ID is stolen and used to receive treatment, the medical records can now contain erroneous medical history information. This can lead to a fatal mistake in an emergency care situation.

I’ve blogged about some of the data security and strong authentication concerns that come with accessing electronic patient records from the clinician point of view. Some healthcare providers I’ve spoken to are looking to strong authentication to solve the medical ID theft problem as well, using technologies like biometric authentication to securely and uniquely tie patients to their records.

This would create a seamless environment where clinicians are authenticated for access to applications and information, while the patients are authenticated to their medical records. This will be a critical component of the success of EMRs as these systems begin sharing information between healthcare providers. Strong authentication will be critical not only from a data security perspective, but could also prevent a situation where a patient receives improper care.