Identity Theft in the Healthcare Environment

The act of obtaining and using someone’s personal identity without their consent is considered identity theft. Identity theft is not new and by no means limited to the healthcare industry. On the other hand, considering only the first two months of 2017, and based on the total number of data breaches reported, the healthcare industry boasted a grand total of 79 data breaches. In other words, 25.3% of all data breaches were in the healthcare industry.   Not a significant number unless you consider that there were 740,000 records within these breaches and that the same accounted for 57.2% of the total records exposed in the first two months of 2017. Looking at it from another point of view:

  • 1.5 Million Americans are victims of Identity theft every year
  • Average Cost to restore Identity after medical identity theft $20,160
  • 21% of medical identity theft didn’t discover the problem for two or more years after the incident
  • Average settlement costs for healthcare facilities per incident $250,000
  • Nearly half of the victims of healthcare identity theft lose their health coverage

Let’s be clear, medical identity theft is a criminal act. Medical Identity Theft is also considered a violation of HIPAA Privacy, HIPAA Security and a number of other laws and regulations. Yet the key consideration is what can we do about this problem? For beginners, we would recommend three basic actions:

  • Make sure your HIPAA Security Officer and HIPAA Privacy Officer address this issue;
  • Develop policies and procedures regarding this issue and ensure everyone’s knows about them and understands the same;
  • Train everyone as it regards this issue.

Additional preventive actions include:

  • Shield your keypad when entering passwords and logins;
  • Do not respond to unsolicited requests for personal information;
  • Install firewalls and virus detection in every device;
  • Shred receipts and paperwork that may contain personal information;
  • Create complex passwords.

The Federal Trade Commission also offers several resources and recommendations regarding identity theft which may be accessed by visiting their website at:  You can also contact Taino Consultants Inc for professional guidance or EPI Compliance for assistance with policies, forms and training.