The Medical Identity Fraud Alliance has recently published its first whitepaper titled, The Growing Threat of Medical Identity Fraud: A Call to Action, focusing much needed attention on the urgent issue of medical identity theft and fraud.

MIFA is the first public/private sector-coordinated effort with a focused agenda that unites all the stakeholders to jointly develop solutions and best practices for fighting medical identity fraud. The whitepaper defines medical identity fraud  as the fraudulent use of an individual’s protected health information (PHI) and personally identifiable information (e.g., name, Social Security number) to obtain medical goods and service or to gain financial benefit. Medical identity theft is defined as the stealing of an individual’s protected health information.

The number of medical identity theft victims in the United States has increased from 1.42 million in 2010 to 1.85 million in 2012 and healthcare fraud, which almost always requires medical identity theft to commit the fraud, costs the United States at least $80 billion a year. Medical identity theft and fraud is much more complex and difficult to mitigate than the much more publicly known financial identity theft and fraud. Because criminals can monetize medical identities 20 to 50 times better than a financial identity, the value of a medical identity can be up to 50 times greater than a Social Security number alone. The high value of medical identities motivates criminals to put more effort in illegally attaining medical identities resulting in more and more cases of medical identity theft. As more and more PHI is being converted from paper health records to electronic health records (EHR) to improve information sharing and accessibility, the PHI becomes increasingly vulnerable to data breaches.

In the paper, MIFA stresses that the individual must be the first line of defense to medical identity theft and fraud. Lessons can be learned from the credit card industry and how they handled financial identity theft and fraud. They started off by sharing fraud data and developing sophisticated analytics to identify potentially fraudulent credit card transactions, but also began verifying the flagged transactions with the consumers themselves. This process inducted the consumer into the fight against fraud and helped the credit card industry crack down on fraud. The equivalent cooperation between the healthcare industry and the consumer is to send an Explanations of Benefits (EOB) about 30 days after a medical service is provided, but people rarely actually read them and when they do, they rarely understand them. Therefore, EOBs are for the most part ignored and the communication between the consumer and the healthcare industry is broken making it difficult for insurance plans to identify a fraudulent claim quickly.

MIFA believes that in order to correctly mitigate the medical identity issues facing the healthcare industry today, there needs to be a coordinated approach between key stakeholders from the healthcare industry, security, compliance and privacy companies, government, law enforcement, nonprofit organizations, and academe. MIFA was formed to bring together stakeholders from each industry and provide leadership to:

  • Develop an awareness, education, and training campaign for the public and the healthcare industry.
  • Inform public policy decision makers about medical identity theft and fraud and its current and evolving impact through awareness, education, and research programs.
  • Establish a comprehensive applied research agenda.
  • Promote and encourage innovative best practices, processes, and technology to prevent and detect medical identity theft and fraud.

Several key stakeholders, including the ITRC, founded MIFA and have already begun this process, but more stakeholders, cooperation and information sharing are needed. Visit the Medical Identity Fraud Alliance website and see how you can help!

“Medical Identity Fraud Alliance: A Call to Action” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.