Government Technology - February 2008 - (Page 29)

care, and they do this to get services they desperately need.” “We know health-care costs have risen considerably on an annual basis relative to inflation and probably higher than inflation, and we believe that 45 million to 50 million Americans are uninsured,” Sneed continued. “We know prescription drug addiction continues to be a huge problem for some sectors of the population. Those are all contributing factors.” MEDICAL ID THEFT BY THE NUMBERS Somewhere between 250,000 and 500,000 people are victims of medical identity theft annually. At least 3 percent of overall health-care costs are due to fraud. That’s $60 billion each year. At least 1 percent of fraud is estimated to be medical identity theft: $600 million per year. Average payout for regular ID theft: $2,000. Average payout for medical identity theft: $20,000. Cost, on the street, for a stolen Social Security number: $1 Cost, on the street, for stolen medical ID information: $50 Cost of medical identity theft, per family of four, per year: $80 SOURCES: THE WORLD PRIVACY FORUM AND BLUE CROSS AND BLUE SHIELD ASSOCIATION. Broken Records Besides raising the cost of health care for all, medical identity theft can leave a victim’s medical records in shambles, and it’s not easy to fix. Victims find their medical history changed to reflect the services billed by the identity thief; medications, allergies and surgeries fraudulently billed in the name of the victim become permanent records that are hard to expunge. Victims of regular identity theft have more recourse under the Fair Credit Reporting Act than medical identity theft victims have under HIPAA. Changes to medical records that reflect treatments for cancer, HIV and diabetes are the most common as those diseases require the most expensive treatment and are most profitable for medical ID thieves. “You can imagine all three of those diseases have issues in terms of insurability, employability, and it’s very hard for people once they get this on their records,” Dixon said. “There’s got to be a mechanism to get it purged.” Physicians are reluctant to have any treatment information deleted from records because of malpractice issues, Dixon said. And HIPAA can actually exacerbate the problem when there’s confusion about which medical record belongs to whom. The federal health privacy rule was enacted under HIPAA to protect patient privacy and security. But confidential medical information — patient records, documents on insurance benefits, and passwords to medical servers — is stolen from victims who share music and videos on peer-to-peer networks and unwittingly provide access to their hard drives. Medical care facilities have also been negligent with critical patient data, exposing patients to medical identity theft. In a 2006 Oregon case, a computer bag holding 10 computer disks containing medical data for 365,000 patients from Providence Portland Medical Center was stolen from an employee’s car. So far, there have been three cases of possible identity theft associated with the breach, and Providence has spent $7 million responding to the mistake. Victims of medical identity theft sometimes find that HIPAA blocks their attempts to correct their medical records. HIPAA requires health-care providers and insurers to provide patients access to their medical records but doesn’t require medical providers “ WE KNOW HEALTHCARE COSTS HAVE RISEN CONSIDERABLY ON AN ANNUAL BASIS RELATIVE TO INFLATION AND PROBABLY HIGHER THAN INFLATION, AND WE BELIEVE THAT 45 MILLION TO 50 MILLION AMERICANS ARE UNINSURED. Calvin Sneed, senior antifraud consultant, Blue Shield and Blue Cross Association ” and insurers to remove incorrect records. HIPAA even says that if incorrect information leads to inappropriate treatment, the incorrect information must remain to preserve a paper trail. In a 2004 case, a Coloradan named Joe Ryan received a bill for surgery from a hospital that he never visited. Two years later, Ryan was still trying to correct his records. HIPAA, which was supposed to protect him, was actually preventing him from even viewing his own records. Since his signature didn’t match the signature of the crook who had stolen and used his medical identity, the hospital wouldn’t let him see the records. “HIPAA can be interpreted in such a way that gets in the way of this, but it can also be interpreted the other way,” Dixon said. “It’s in a gray area, and if you have a very conservative legal team that’s never heard of medical identity theft, they may go the wrong direction. We’re working hard to get that eradicated.” The FTC has studied regular ID theft but is not responsible for addressing medical issues, according to the WPF. That responsibility falls to the U.S. Department of Health and Human Services (HHS) , which has been slow to respond, according to Dixon. “I have to tell you, HHS has not been good to this point. They’ve not been looking at it. They’ve not been talking about it, and they need to.” 37 29 C O N T I N U E D O N PAG E http://www.govtech.com

Table of Contents Feed for the Digital Edition of Government Technology - February 2008

Government Technology - February 2008 Contents Point of View Big Picture The Last Mile On the Screen Products Four Questions for... CSI Effect Bad Medicine Making Health Care Personal Cashing In GIS for Less Nabbing Speedsters First Person: Records Management Chatter Box Oregon Data Centers Go Green Products Two Cents Spectrum Up Close Personal Computing signal:noise Government Solutions - Spring 2008 Power Play Double Duty Cleaning House Twice Prepared Smart Move The Path to Success Foundation for Service

Government Technology - February 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.