The Growing Threat of Medical Identity Theft

by Linda Vincent R.N. P.I.


The economic stimulus bill of 2009 includes $2 billion to develop a national system of electronic medical records. Although this bill streamlines the healthcare process and makes sharing information between doctors and healthcare facilities faster and easier, the potential for medical identity theft is becoming an even larger threat.

The importance of protecting electronic medical records cannot be overstated. According to the Ponemon Institute, approximately 1.5 million Americans have been victims of medical identity theft, representing an estimated cost of $28.6 billion. The Ponemon Institute also reports that more than six in ten healthcare organizations say they do not have enough resources to ensure data security. Furthermore, over one-half stated that they do not have policies and procedures in place to safeguard health records. These statistics obviously do not bode well for patients and the privacy of their electronic medical records.

In addition, Javelin Strategy and Research states that fraud perpetrated by stealing medical data increased from 3% in 2008 to 7% in 2009, a whopping 112% leap. These numbers are growing every day, often due to a security breach in a clinic or hospital.

There are many culprits who perpetrate medical identity theft. They include employees of hospitals, clinics, and other professional practices-often a medical identity thief disguised as a healthcare professional who steals private information shortly after being hired. Hacking into a database to gain access to electronic medical records is another way to steal a person’s identity. Identity thieves will either use the information themselves or sell the data on the black market to medical identity theft rings or other unscrupulous individuals.

The Dangers of Electronic Medical Records Breaches

The result of a person’s identity being stolen from his electronic medical records in your clinic can be both devastating and deadly. Medical identity theft:

  • Enables identity thieves to create fictitious electronic medical records in someone else’s name
  • Lets medical identity thieves use medical records to make fake claims for medical services
  • Allows perpetrators of  medical identity theft to use the information to buy prescription drugs or get free medical treatment in another person’s name
  • Can cause someone’s records to have incorrect data about tests and medical procedures that can result in a denial of health insurance, which can leave him financially destitute if he needs serious treatment and has to pay it out of pocket
  • Can be life-threatening because electronic medical records can show someone else’s medical history, allergies, blood type, and other inaccurate data that can worsen a medical condition or even cause death

What Should a Physician’s Practice or Health Care Provider be Doing to Safeguard  Electronic Medical Records?

If the physician or provider is not taking every precaution to prevent the breach of  patients’ electronic medical records and the resulting medical identity theft, who is? Whether the  physician, the insurance carrier or the patient, protect the information by taking a closer look at:

  • Hiring practices: Are they performing thorough background checks on the professionals hired? Despite who they say they are, their only reason for working at your facility may be to gain access to patients’ private information.
  • Computer systems: How easy is it to access patients’ electronic medical records? Is there IT security systems in place, such as the use of passwords and encryption, to prevent unauthorized personnel from accessing the data?
  • Policies and Procedures: Are there written policies and procedures in place, and is there medical identity theft prevention training for employees?

It’s critical that patients’ electronic medical records are safeguarded to prevent them from becoming victim of medical identity theft. Failure to do so can have a devastating and long-lasting effect on a practice, patients’ health or health history. Learn more about how to prevent medical identity theft by visiting


Linda Vincent, R.N., P.I., is an identity theft and healthcare fraud prevention expert specializing in medical consulting and investigations. She teaches corporations, professional practices, and consumers how to prevent identity theft and healthcare fraud. Visit