Tag Archives: electronic health records

Will Blockchain End Up Like 3DTV?

When technology is baked into a device, we rarely give it much thought. We buy a smartphone for its utility – not its operating system. Sometimes a new technology dramatically changes how everyone does things; the internet is a good example. Some plausibly great innovations, such as 3D television, just never gain traction. Which of these outcomes will blockchain have?

Recently, blockchain has emerged as a technology that will potentially transform industries in a way similar to what the Internet did a couple of decades ago. Still a nascent technology, its many uses have not yet been discovered or explored.

Most people know a little about blockchain:

    • It lets multiple parties agree on a common record of data and control who has access to it.
    • Its platform makes cryptocurrencies like bitcoin possible.
    • Movement of cryptocurrency verified by blockchain allows peer-to-peer cash transfers without involving banks.
    • Blockchain is a permanent, auditable record, so any tampering with it is obvious.

Some people think blockchain will transform security in financial services and fundamentally reshape how we deal with and trust complex transactions, though this could be a response to hype or a fear of missing out. Many other people ask why and how they should use blockchain.

On the face of it, using a shared (or distributed) ledger to process multiple transactions doesn’t seem so revolutionary. Blockchain is essentially a recordkeeping system. Perhaps its association with cryptocurrency – such as bitcoin – lends it a darker, more enigmatic edge than the software traditionally used for processing multiple transactions. One way or another, insurers face pressure to update antique systems with new ones that can compete with the demands of a digital world, and that means incorporating blockchain technology.

A distributed ledger of transactions

A blockchain can be seen as an ever-growing list of data records, or blocks, that can be easily verified because each block is linked to the previous one, forming a chain. This chain of transactions is stored on a network of computers. For a record to be added to the chain, it typically needs to be validated by a majority of the computers in the network. Importantly, no single entity runs the network or stores the data. Blockchain technology may be used in any form of asset registry, inventory and exchange. This includes transactions of finance, money, physical property and intangible assets, including health information.

Because blockchain networks consist of thousands of computers, they make any effort to add invalid records extremely difficult. Every transaction is secured using a random cryptographic hash, a digital fingerprint that prevents its being misused. Every participant has a complete history of the transactions, helping reduce the chance of transactions being corrupted. Simply put, a blockchain is a resilient, tamper-proof and decentralized store of transactions.

Complex processing and automation with smart contracts

Blockchain ecosystems enable a large number of organizations to join as peers to offer services, data or transactions that serve specific customers or complex transaction workflows transparently. These ecosystems can automatically process and settle transactions via smart contracts that encapsulate the logic for the terms and triggers that enable a transaction.

Smart contracts are created on the blockchain and are immutably recorded on the network to execute transactions based on the software-encoded logic. Transparency through workflows recorded on the blockchain facilitate auditing. Peers and partners within a blockchain ecosystem independently control their business models and the economics without the need to use intermediaries.

Self-executing smart contracts can be used to automate insurance policies, with the potential to reduce friction and fraud at claim stage. A policy could be coded to pay when the conditions are undeniably reached and decentralized data feeds verify that the event has certainly occurred. The blockchain offers enhanced transparency and measurable risk to this scenario.

Parametric insurance, which operates through smart contracts with triggers that are based on measurable events, can facilitate immediate payments while decreasing the administrative efforts and time. Effectively, the decision to pay a claim is taken out of the insurer’s hands. Other possible models are completely technology-based without the need for an actual insurance company. The decentralized blockchain model lends itself well to crowd-sourced types of insurance where premiums and claims are managed with smart contracts.

See also: Blockchain’s Future in Insurance  

Blockchain-based insurance

New insurers using blockchain are emerging and offering increased transparency and faster claims resolution. Here are some examples:

    • Peer-to-peer property and casualty insurer Lemonade uses an algorithm to pay claims when conditions in blockchain-based smart contracts are met.
    • Start-up Teambrella also leverages blockchain in a peer-to-peer concept that allows insured members to vote on claims and then settles amounts with bitcoin.
    • Dynamis provides unemployment insurance on a blockchain-based smart contract platform.
    • Travel delay insurer insurETH automatically pays claims when delays are detected and verified in a blockchain data ledger.
    • Etherisc is another new company building decentralized insurance applications on blockchain that can pay valid claims autonomously.

Traditional insurance companies, such as AXA and Generali, have also begun to invest in blockchain applications. Allianz has announced the successful pilot of a blockchain-based smart contract solution to simplify annual renewals, premium payments and claims submission and settlement.

Blockchain has the potential to improve premium, claim and policy processing among multiple parties. For example, in the last year the consultancy EY and data security firm Guardtime announced a blockchain platform to transact marine insurance. This platform pulls together the numerous transactional actions required within a highly complex global trade made up of shipping companies, brokers, insurers and other suppliers.

A consortium of insurers and reinsurers, the Blockchain Insurance Industry Initiative (B3i), has piloted distributed ledger technology to develop standards and procedures for risk transfer that are cross-market compatible. Whether or not the outcome is adopted industry-wide, it seems important for digital solutions to be created with this transparency and inclusiveness in mind.

There is clear potential for blockchain in reinsurance where large amounts of data are moved between reinsurers, brokers and clients, requiring multiple data entry and individual reconciliation. Evaluating alternative ways of conducting business is one reason for the collaboration of Gen Re with iXledger, which can explore ideas while remaining independent.

Handling of medical data and other private or sensitive information

Individuals will generate increasing amounts of personal data, actively and passively, from using phones and Internet of Things (IoT) devices, and processing digital healthcare solutions. Increasingly, consumers will want control of this scattered mass of digital data and share it with whomever they choose in exchange for services. This move aligns perfectly with the concept of a “personal data economy.” Think of information as currency and think about using blockchain to secure private data and reveal it in a secure and trusted manner to selected parties, in exchange for something.

Electronic health records are now common. Several countries use blockchain to secure patient data held digitally. This helps counter legitimate concerns about how sensitive personal data can be kept secure from theft or cyber-attack. Code representing each digital entry to the patient record is added to the blockchain, validated and time-stamped. A consortium of insurers in India is using blockchain to cut the costs of medical tests and evaluations, and to ensure the data collected is kept secure, along with other benefits including identification of potential claims fraud.

Looking to leverage the data economy, companies may employ innovative insurance propositions to engage people. Because the propositions will rely on shared data, people may be put off, fearing a loss of control over their personal information. While this fear poses a huge challenge for an industry seeking to improve its reputation for trust, blockchain technology may help insurers to reassure customers the digital data they share with them is safe.

Verification of documents

Verification of the existence and purpose documents in banks and insurance companies relies on storage, retrieval and access to data. A blockchain simplifies this process with its open ledger, cryptographic hash keys and date-stamped transactions. Actual hard copies of documents are not stored; instead, the hash represents the exact content in a form of scrambled letters and numbers. A change in a document will be exposed because it will not match the encoded one. The effect is an immutability that proves the status of the data at an exact moment and beyond doubt.

Blockchain technology is a “trustless” system because nobody has to trust anybody else for the system to function; the network of users acts together to vouch for the accuracy of the record. Examples of blockchain protecting patient records demonstrate its potential to implement other trusted and secure transactions with less bureaucracy.

There are other opportunities for insurers to move to a digitized paradigm and catalyze efficiency gains; blockchain need not be reserved for cross-industry platforms, and it’s not only useful in multiparty markets with high transaction volumes and significant levels of reconciliation; smaller-scale solutions can bring benefits, too.

Features that ensure privacy and data security

Beyond driving efficiencies, blockchain employs agreed standards for data care, which reduce the vulnerability of data that arises with the mass of sensitive data that digital connectivity creates. Other features that enhance privacy and data security include the contract process: Transactions are not directly associated with the individual, and personal information is not stored in a centralized database vulnerable to cyber-attack. Insurance companies, as well as technology companies, are accountable to their users for the security of their devices, services and software, and hackers are less likely to target enterprises with strong security.

Multiple participants and the removal of a central authority

Transparency, audit-ability and speed are standard requirements for any organization to successfully compete and transact in an increasingly complex global economy. Data is a valuable catalyst to that process and is complemented by blockchain’s ability to organize, access and transact efficiently and compliantly.

Trusted transactions require access to valuable data, and blockchain facilitates efficient access across multiple organizations. The economics for data usage will drive new business models fueled by micropayments, which will require efficiencies to scale. Business models based on data aggregation by third parties in centralized repositories with total control and limited transparency will be replaced by distributed blockchain-enabled data exchanges where data providers are peers within the ecosystem.

Decentralized peer organizations can use the blockchain for permission access, and for facilitating payments, to ensure total control of their economic models, without having a centralized authority. Data access and transactions are controlled directly by each member of the ecosystem, with complete transparency and immediate compensation.

Token economies

Ecosystems supporting peer organizations that transact or share data will require an effective mechanism for micropayments. These business models require efficiency, with less overhead than traditional account payable and account receivable workflows.

Event triggers, cryptlets that enable secure communication between blockchain, and external verification sources (oracles) will execute based on predetermined criteria, and token payments will be made simultaneously. Counterparty agreements may initially define the relationships between parties on the network, but payments are executed within the smart contract transactions.

See also: How Insurance and Blockchain Fit  

The elimination of a time delay in payments acts as a stimulant for economies; tokens earned can immediately be spent, increasing the speed at which organizations will earn and spend. Traditional delays and fees that occur throughout accounting workflows and through intermediary banks that process payments can be eliminated.

Cross-border processing

Currently, global payments involving foreign exchange introduce complexities in addition to time delays. Economic indicators and political events dramatically affect the exchange rates and profitability of transactions. Cross-border payments require access to the required currencies by intermediary banks, which can cause additional delays beyond the internal accounting workflows.

With blockchain technology, using a token-enabled economic layer simplifies the payments to support micropayment efficiencies. Participants on the blockchain network will be able to efficiently use the preferred fiat currencies to acquire or sell tokens without using intermediaries, banks or currencies.

Merging blockchain and data

Today, there are more connected IoT devices than there are people on the planet, and the data generated is growing at an exponential rate. Various sources have predicted that the number of connected devices will grow to more than 70 billion by 2025; the numbers are almost irrelevant.

IoT devices are used in homes, transportation, communities, urban planning, environment, consumer packaged goods, services and soon in human bodies. A number of insurance companies use these devices to assess driver habits and usage. Autonomous cars and changing ownership and usage models are creating a generation of insurance products that can be facilitated through IoT-collected data. Home devices can detect leaks, theft and fire damage – capabilities that reduce risk. Shipping companies use the IoT for fuel and cargo management, which offers operating efficiencies, transparency and loss prevention.

Merging the mass of IoT data with the blockchain is not without challenges, but this combination can provide a completely new way of creating an insurance model that is far more efficient and faster, and where data flows directly from policyholders to the insurer.

Summary

Interest in the trinity of bitcoin, blockchain and distributed ledger technology has significant momentum. However, the technology is not magic or a panacea for every corporate woe. It has disadvantages and limitations, and there are situations where it would even be the wrong solution. There is enough about it, though, to merit continued closer investigation – the many emerging cases of its application bear testament to that – but in place of hype we still need answers.

Healthcare Needs a Data Checkup

As the healthcare industry continues to digitize, data protection technology has not been able to keep pace. Unfortunately for industry participants, healthcare has become a top target for state-sponsored and free-agent hackers.

In fact, a study released by Michigan State University in April 2017 found that healthcare providers reported 1,225 of the total 1,798 data breaches in the U.S. from 2009 to 2016. Why has the healthcare industry become such a target? And what can healthcare providers do to protect their organizations and the thousands of patients they serve?

One primary reason for the target on healthcare’s figurative back is the rapid implementation of electronic health records (EHRs). From 2009 to 2014, adoption of EHRs rose from less than 10% to 97%. This haste to complete implementation has led to a deficiency in data protection and security measures within EHRs. Additionally, with more and more providers leveraging mobile devices and turning to data driven by the Internet of Things, attackers have a plethora of new entry points to access private and sensitive data.

See also: Data Security Critical as IoT Multiplies  

A quick scan of the Identity Theft Center’s 2016 Data Breach Report shows that lost workplace laptops and stolen company-issued cell phones are frequently listed as reasons for a data breach.

Given the growing use of workplace devices in the healthcare industry, as well as the corresponding danger of transmitting information from a central data center to end-user devices and back again, it is crucial that data is protected the moment it is created. Further, healthcare providers must ensure employees are aware that their devices could be compromised when the connection to the data center is lost.

Mobile devices make it harder to protect data

For example, an attacker could access data while employees are traveling between medical centers when the connection is lost and then sell the retrieved information or leverage it for ransom. As such, data should be protected regardless of whether it is at rest or in transit, as well as in connected and disconnected environments.

To protect themselves from vulnerabilities that lead to data breaches, cyber attacks and ransomware, healthcare organizations must revisit their security strategy. This strategy should be comprehensive, flexible and capable of mitigating the impact of a breach at various levels within the enterprise via multiple layers of security solutions. The use of layered security allows for incremental defense to ultimately protect what is most vital to the business—its data. If other security countermeasures are defeated, data protection, which supersedes traditional encryption, will be vital as the last line of defense. For this reason, organizations must use data protection that travels with their data, rendering the data useless to the attacker should it be compromised.

Training, technology part of treatment

Data security is a threat that will not fade away, but rather grow in importance. As technology continues to advance, attackers and other entities involved in data theft will have just as many tools as the healthcare providers endeavoring to protect valuable and private information.

See also: Aggressive Regulation on Data Breaches  

Healthcare organizations must accept that their data will become a target and that these threats could originate from nontraditional sources, such as IoT and other innovations. Leaders must act now to protect their business, patients and other stakeholders.

This article originally appeared on ThirdCertainty. It was written by Ermis Sfakiyanudis.

Consumer-Friendly Healthcare Model

Best-selling Author Og Mandino once said:  “Always seek out the seed of triumph in every adversity.”

It appears that a small, yet growing number of America’s front line health providers are doing just that. Instead taking on increased risk, greater healthcare bureaucracy and more administration headaches, these medical mavericks have drawn a philosophical line in the sand.

I’m speaking of direct primary care (DPC). For the uninitiated, DPC is an emerging model where general practitioners elect to disassociate from, and no longer bill services to, health payers, including Medicare. DPC practices average between 600 and 800 total patients (vs. the national 2,300-patient average for traditional primary care provider (PCP) patient panels).

This return to front-line doctoring — “sans insurance” — translates into a cost-reduction of as much as 40% in staffing and reduced administrative complexity. Electronic health records (EHR) software finds itself replaced with lighter applications to track, schedule and bill patients. Practices may also choose to use mhealth/telehealth technology to monitor/connect with patients.

Patients in these practices are often those with low to middle incomes, with high-deductible health plans (HDHPs). For this reason, DPC doctors develop network relationships with other local medical specialists and services. The result is patients gaining access to discounted medications, imaging and labs, plus lower service fees from local specialists — all on a cash basis.

And presto! We have a true two-party care relationship, where doctors focus purely on patients, instead of blending in payers as their second healthcare customer.

The median monthly DPC fee for an adult is about $70; and fees for kids are priced between $10 and $20 per child. Many DPC practices also cap monthly family fees. Pricing is independent of pre-existing conditions and current health status and allows for more face-to-face time, as often as needed.

These practices report reducing urgent care and ER visits, plus hospital admits and re-admits. Quality and outcome data has apparently started reaching malpractice insurers, now quoting lower rates for direct vs. traditional primary care practices.

Here is where it gets sticky. DPC is rightly considered a “health service,” both by the Affordable Care Act (ACA) and by 16 states. However, under section 223(c) of the U.S. tax code, the I.R.S. wrongly considers DPC a “gap,” or secondary, health plan. Therefore, DPC is not a qualified medical expense — and fees paid by patients are not reimbursable by health savings accounts (HSAs).

Changes are in the works, per the introduction of Senate Bill 1989 – The Primary Care Enhancement Act of 2015, which would make DPC fees a part of HSAs. The bill, with strong support from the American Academy of Family Physicians, also seeks to require the Center for Medicare and Medicaid Innovation (CMMI) to create a new payment pathway for DPC as an alternative payment model (APM) in Medicare and with dual eligibles.

The plan is for DPC to show Medicare its mettle — and eventually receive a modest flat fee payment for primary care services offered by a DPC medical home. The legislation includes allowing qualified physicians who have opted out of Medicare to participate in the program. It also serves as a partnering catalyst with Medicare Advantage, in an affordable care organization (ACO)-like structure.

DPC is a disruptive “hot knife” model, whose entry is well-timed to cut through the cold stick of butter called high health costs.

Today, PCP co-pays have gone up to $45, and deductibles are sky high. Many consumers have no idea that at or around the same per-visit patient fee, DPC exists as an option. Employers are just beginning, on a larger scale, to integrate DPC with other options such as HDHPs and self-insured health coverage. Using this new model with self-insured companies makes sense, to hedge risk, lower health costs, improve outcomes and improve quality of care.

One county in North Carolina, which employed a DPC option, saved nearly $1.5 million on yearly medical expenses — on just 800 covered lives! It may surprise you that, apart from HSA standing, there are already early employer adopters who have chosen to pay the monthly DPC fees for employees themselves.

A British Medical Journal study showed patients of Washington state DPC provider Qliance coming in with 35% fewer hospitalizations, 65% fewer emergency department visits, 66% fewer specialist visits and 82% fewer surgeries. DPC benefits appear to not only reduce primary care costs, but lessen the healthcare costs and utilization outside of their practices.

Payer transparency is a significantly important strategy to the future growth and integration of DPC.

We talk about the importance of transparency in hospital pricing to patients, and for drug companies to reveal their true R&D costs. But have you ever stopped to consider the importance of transparency in how payers calculate and price plan premiums for each covered member? Just how much of the premium payment can be carved out as estimated primary care services to be received?

More than ever, healthcare consumer groups and fully insured employers should push health payers for transparency. Because I’ll bet what payers have estimated for per-person primary care usage and costs, adding in the associated patient responsibility portions (co-pays, and any applicable deductible or co-insurance fees) will be much more than an $840 yearly DPC payment.

But wait…there’s more. Don’t forget to have payers deduct an additional…let’s be conservative…1/3 of the Qliance savings percentages for the estimated care cost savings relating to carved-out estimated care outside of primary services.

Next, look at Medicare and do the same thing. But…instead of the wallets of health plan members, think federal budgets, taxpayers, subsidies, growing liabilities and the potential to hold off future tax increases.

Then look at Medicaid for the same reasons, remembering that DPC would certainly create a greater improvement of care quality than Medicaid care providers and facilities. Remember the “triple aim” — cost, outcomes and quality — and that doctors are happier.

DPC injects disruption and greater consumerism into healthcare.

Something interesting happened along the way to transforming our healthcare system. The ACA fell far short of its goals, and America’s care delivery and coverage became even less affordable for millions of employers and individual consumers.

We should know by now that improving quality and pricing for all will not come from laws — specifically, from those who force people into lower-quality Medicaid coverage, and insurance plan exchange options with punishing deductibles; in essence, giving people a broken Christmas toy with a pretty bow on it and pretending they will enjoy it.  

No matter how you dress it up, and much money you throw at it: Healthcare coverage is not the same as affordable healthcare.

In the heart of even the toughest situations, there are innately driven people who make bold, fresh choices and take stands — efforts that emphasize principles we know to be just and right, rather than gaining financially on the backs of others’ misery. My hope resides in what Lincoln called “the better angels of our nature.”

DPC offers a free-market “injection” into healthcare’s regulated pricing model. If Senate Bill 1989 or a similar law passes, it will provide individuals and companies a better chance to gain better quality, more affordable care. Unlike some DPC purists, I see a future inflow of Medicare dollars to non-enrolled DPC qualified providers as stimulating a transformation where coordinated care begins from outside of the umbrella of big medicine ownership.

Screen Shot 2016-08-08 at 3.14.32 PM

Like the plunging penguins who emulate the courageous actions of others, I believe many primary care physicians are looking for the right time to enter a DPC model. Whether that happens individually, through groups, or by strategic partnerships, is up to industry forces. It’s the beauty of filling consumer demand.

Making healthcare services, drugs and coverage affordable to consumers appears completely disconnected from the industry’s mission to improve care quality and outcomes, and lowering health “costs.”

Free market forces are what bring down consumer prices in most every market. Their introduction into U.S. healthcare will likely cause short-term fallout and financial pain within healthcare industries, but it would leave us, and future generations, with a more sustainable, stronger system. We’ve gotten to the point where healthcare bloat and unaffordability will require sacrifice from all involved.

By allowing consumer-friendly models like DPC to enter the regulated world of healthcare, perhaps slowly through the back door, we will see transformation come from within. History has repeatedly shown us that better models fueled by consumer desire rise to the top.

Electronic Health Records Hurt Care

Patient care as we know and expect it will diminish because of electronic health records (EHR) requirements. Society will suffer a slow degradation of artful interactive provider attention in deference to “data-field” medicine.

I am not simply referring to the very real and challenging issues in the technical application of EHR systems. Rather, I point out a more serious and insidious future threat to the actual human aura in medical practice.

There exists an unintended but real incentive for doctors and clinicians to consider task-completion as clicking through the data interface rather than interacting with and treating the patient. Legal requirements, reimbursements and potential penalties force EHR to top priority. In turn, clinicians as EHR users become more aware of and anticipate the truncated, template-driven and limited means of expressing case events via electronic reports. Therefore, their interaction with patients may be truncated.

I know this sounds callous and insulting to all good medical providers. To them, I say no insult is intended, and the fault of this perverse incentive is not theirs. They might honestly assess their experience and the actions of peers and associates within their practices given the advent of EHR. To providers, I ask: What about EHR might be sucking the creative life out of your optimal vision for the practice of your specialty?

My most stark encounter with this reality comes from a chance discussion with a longtime friend. She is a nurse practitioner who, for decades, has treated both ER and family-practice patients. As family friends, we never talk shop, and this particular conversation was not solicited by me. I politely asked, “How’s it going?” and got a surprising, soul-baring burst of frustration.

She expressed disdain. She prides herself as a master of triage, symptom investigation, on-the-spot research and communication with involved family members, and she desires to take the wide approach to patient situations as a service to them and to the doctors or specialists who may eventually carry the case, but electronic records don’t allow the narratives or collective points of data she would prefer. As such, her value is diminished, and the patient ultimately gets poor attention.

As she described her situation, I began to understand the rigid decision-tree “intelligence” in narrowing prompts for information based on how case records are initiated. She has persevered and found cumbersome work-around methods (such as editing previous fields to change next options, etc.) to combine or add issues or thoughts to a record beyond the template’s desired straight line of thought. Unfortunately, she explained, taking extra time to do anything is neither advisable nor encouraged because of the volume of patients requiring care.

Quick Tip: The Want for Data Should Not Put the Cart Before the Horse

As a foreshadowing about healthcare in general, consider what the supreme focus on automation and data collection has done to workers’ compensation. I have written extensively about the advent of electronic claim systems, over decades, reducing the adjusting job from that of an intelligent, intuitive personal-interactive specialist to the current task-level data entry clerk. We are now well into the post-paper-file generation of claim adjusters who know their job only as data-interface. Will medical clinicians meet the same fate when our current generation of providers, like my friend, move on? Will future clinicians, knowing only electronic records, assume that the decision tree of the EHR interface supersedes intuitive medicine?

Let’s hope not. Unfortunately, a simple Google search for “problems with EHR” will not sit well with anyone who embarks on some research in this area.

In claim adjusting, as in medicine, we need to intelligently feed the hunger for data but rail against a perverse desire to let automation increase case volumes or assume the template is sacrosanct. I am certainly not against all the good that electronic medical records bring to the party. However, we must first let practitioners do their jobs, not let “data screen medicine” dumb down patient care.

Perhaps provider-run coalitions should dictate standards for ever-improving EHR frameworks and interfaces so their highest-quality, real-time nimble intelligence can be best captured in all patient events. I know at least one nurse practitioner who has a lot to say on that subject.

Medical Identity Theft And Fraud

Medical identity theft (MIDT) is a crime that has profound consequences for patients, insurance providers, and health care providers. The definition of medical identity theft is the fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and/or medical insurance identity number to obtain medical goods or services, or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity. Unfortunately, the definition of medical identity theft and the consequences that are associated with the crime are not common knowledge to the general public.

A recent study conducted by Harris Interactive on behalf of Nationwide Insurance found that only one in six (~15%) of insured adults say they are familiar or very familiar with the term “medical identity theft.” Of the 15% that professed familiarity with the term, only 38% could correctly define what a medical identity was (Medical ID Theft Study 4). Unfortunately, this lack of widespread understanding of medical identity theft by consumers is part of the problem and it is costing consumers, insurers, and healthcare providers alike.

According to the most recent Ponemon Institute Research Report, 1.85 million Americans were affected by medical identity theft in 2012. This is a dramatic increase from the 1.49 million affected by medical identity theft in 2011, amounting to an almost 25% increase in just one year (Third Annual Survey 1). This rate of growth has the potential to explode due to several reasons. First, The Affordable Care Act is estimated to reduce the number of uninsured by approximately 30 million (Insurance Coverage Provisions 13), drastically increasing the number of insurers and insured patients that are targets for medical identity theft. Second, HIPAA policies and new rules under HITECH are increasing the use of electronic health records (EHRs) which can be vulnerable to data hackers. And lastly, the data hackers themselves are more sophisticated and cognizant of ways to profit off of personal data than ever before. All these factors combined pose a very serious dilemma in controlling the rate of growth for medical identity theft. Ponemon estimates that the cost of medical identity theft to consumers in 2012 was approximately $41 billion (Third Annual Survey 1). This does not include the untold cost borne by healthcare and insurance providers. We cannot afford the cost of letting this crime grow.

In order to minimize the effects of medical identity theft we must better understand the nature of medical identity theft. The Identity Theft Resource Center (ITRC) knows it is important to assess how consumers’ identities are stolen, how they find out they have fallen victim to this crime, and how difficult it is to resolve once discovered. The Identity Theft Resource Center believes this information can be used to educate and make aware the general public as to what medical identity theft is and how they can minimize their risk or mitigate the cost once they become a victim.

Looking at how medical identity theft victims discover they have fallen victim to this crime is crucial in determining what can be done to discover medical identity theft sooner to avoid increased expenses and instances of fraud. The 2012 Ponemon report found that the most common way (39%) people discover they have become victims of identity theft is by receiving collection letters for delinquent bills. This is bad news as this means the costs for the fraudulent services worked their way through the providers’ billing systems and languished there until they were forwarded to collection departments or agencies. In the time it took for the bill to make it to the collection department or agency, the imposter could have committed many more instances of fraud in different locations. The second most common method of discovery (32%) was by noticing mistakes in their health records, tipping them off to the medical identity theft. This is also bad news as mistakes in health records can have catastrophic consequences which can be fatal.

Fortunately, the third most common method (26%) of discovering identity theft was by victims noticing suspicious postings to a statement or invoice, such as an Explanation of Benefits statement. This is very good news as this usually means the victim is discovering their medical identity theft as early as possible. The earlier the victim notices the crime, the more likely they may avoid damage to their credit score, stop future abuse of their medical identity, and reduce the amount of time and money spent to rectify the issue. This statistic is even more interesting when compared to the previous two years of the Ponemon study, where only 9% of participants indicated that they discovered their medical identity theft via suspicious statements of invoices. This is a promising example of how educating and making consumers aware of medical identity theft can make a big difference in helping reduce the incidence of medical identity theft and its costs as a whole.

Looking into the mitigation process victims are confronted with after they discover their medical identity theft reveals the costs and trouble they have to go through to clear their names. There are two distinct objectives when mitigating medical identity theft. First, the victim must deal with an individual incident such as a thief receiving medical care under the victim’s name and the associated fiscal impact the crime imposes. Second, the victim must now deal with the task of “curing” themselves of medical identity theft, insuring that their medical identity is not abused again in the future. This second objective is extremely difficult and contributes to the devastating nature of medical identity theft.

Regarding the first objective, the process for rectifying an individual incident of medical identity theft is complicated and drawn out. The victim must immediately contact the medical records and billing departments of the healthcare provider that provided the services to the imposter, request their medical records, and inform the provider that they are not responsible for the fraudulent bills. Upon learning that there may be fraudulent information in the victim’s medical record, the healthcare provider may deny the victim access to their medical record for fear of violating the Health Insurance Portability and Accountability Act (HIPAA). HIPAA protects the privacy of patients’ medical records making healthcare providers worry that they may be violating the imposter’s privacy rights by releasing the medical record to the victim. Oftentimes, the healthcare provider does not know for a fact that the fraudulent information in the medical record was a result of medical identity theft and cannot rule out that it may simply have been an accidental mixing of two patients’ records. Regardless of the situation, the healthcare provider is afraid of incurring liability under HIPAA for releasing confidential medical information even if it is under the victim’s name. The victim may have to appeal the decision in order to be able to view their records.

In one case, a medical identity theft victim was charged for bills related to the alleged amputation of one of her feet. Luckily, this was easily refutable as she would simply show the hospital billing department that she still has her two feet. Unfortunately, the imposter also had diabetes which prompted a physician, during a subsequent hospitalization, to ask the victim what medications she was taking to treat her diabetes. Note, the victim has never had the disease (Menn). This case demonstrates how frustrating correcting medical records can be and reminds us how dangerous medical identity theft is to the victim.

It is also recommended that victims file a police report and submit a copy of the report to healthcare providers as it will usually help streamline the process. It is important for victims to note that medical identity theft, like any other form of identity theft, is a crime police are required to provide a police report for in most states. Once the incorrect information is identified, the victim must request that the healthcare provider either remove the information or at least flag it should the provider be reluctant to permanently remove it. After correcting the records at the location the imposter received medical services, the victim will then have to request an accounting of disclosures listing all the entities to which the healthcare provider sent the victim’s fraudulent records. The victim must repeat this procedure at each location that has their fraudulent medical record. All of this creates mountains of work for healthcare providers, insurers, and the victims themselves which increases costs in the medical industry for everyone involved.

The second and more difficult objective, “curing” oneself of medical identity theft, does not have a set solution. The problem stems from the decentralized structure of the medical data system. Every healthcare provider, pharmacy, and insurer has its own records and records system. In contrast, the financial industry has three major credit reporting agencies through which almost all financial credit information is processed. Therefore, when you have suffered financial identity theft, a great way to mitigate future instances of fraud is to place a credit freeze with all three credit reporting agencies so that identity thieves cannot abuse your credit again. There is no such central medical record agency for medical records. Thus, it is possible for a medical identity thief to commit fraud with the same medical identity over and over again in multiple locations around the country. The victim will have to go through the individual incident mitigation process every time and just hope that the identity thief will stop using their medical identity.

Since there is no way to get ahead of the thief and prevent the medical fraud from occurring, the best way to mitigate the costs and effects of medical identity theft is for the victim to be vigilant and confront each instance of fraud as soon as possible in order to reduce the amount of wasted time and costs. This repetitive cycle is exhausting and costly for the victim as well as healthcare providers and insurers. In all three years Ponemon has conducted this survey, the number of victims who said they had completely resolved their medical identity theft never exceeded 11% (Third Annual Survey 11). This is an ongoing problem that does not yet have a solution, but it is imperative for all stakeholders to be involved.

All of this information points us to the realization that medical identity theft is a costly and potentially dangerous crime that is incredibly difficult to resolve. To make matters worse, medical identity theft often goes undiscovered for long periods of time and only becomes more detrimental and difficult to resolve the longer it goes undetected.

The Identity Theft Resource Center proposes that one of the best methods of reducing medical identity theft and the costs associated with it is an educated and aware consumer population. To make this point, it is useful to separate out the causes of identity theft listed in the Ponemon report into two groups. The first group includes causes of identity theft that victims have no control over: healthcare provider used identification to conduct fraudulent billing (22%), malicious employee in the health provider’s office stole health information (7%), and the healthcare provider, insurer or other related organization had a data breach (6%). In total, 35% of the causes of identity theft cannot be affected by actions of the consumer. The second group consists of causes of identity theft that a consumer does have a degree of control over: family member took personal identification credentials without my knowledge (35%), mailed statement or invoice was intercepted by the criminal (6%), lost a wallet containing personal identification credentials (5%), and a phishing attack by criminal who obtained personal identification credentials (4%). Thus, the total of causes of medical identity theft that can be affected by actions of the consumer is 50%. It should be noted that 15% of the participants still did not know how they had their medical identity stolen.

Looking at the numbers above, it is clear that the consumers themselves can have the largest impact in reducing the number of medical identity theft cases and the severity of the cases that still occur. Not only do the consumers themselves have the best ability to reduce the risk of medical identity theft happening to them, they are the only people that can reduce the severity of the crime when it does happen. The Identity Theft Resource Center has long understood the ramifications of medical identity theft on the consumer population as well as the medical industry itself. We know that educating the consumer population can be cost-effective and powerful.

The Identity Theft Resource Center is a founding organization of the Medical Identity Fraud Alliance, the first public/private sector-coordinated effort with a focused agenda that unites all the stakeholders to jointly develop solutions and best practices for medical identity fraud. We encourage all industry stakeholders to join so that we can work together in galvanizing the consumer population into becoming the most effective weapon yet against medical identity theft.

How Consumers Can Minimize Their Risk Of Medical Identity Theft

  • Review Explanation of Benefit statements as soon as you receive them as they may detail medical services that you never received.
  • Review your credit reports multiple times a year to see if any fraudulent accounts have been opened in your name, or if any medical bills have been reported as unpaid.
  • Be aware of phishing emails. These emails are designed to look like they are official communications from either a healthcare provider or insurer and ask for personal information such as a Social Security number, insurance policy number, or other information used to commit medical fraud in your name.
  • Do not open attachments in emails from people you are not familiar with as it may have a virus or program to steal information from your computer.
  • Use a Virtual Private Network when using the Internet outside of your home as this will encrypt your signal from your mobile device or laptop.
  • Do not carry your Medicare card, Social Security card, or certain military identification as these have your Social Security number on them. Should you lose your wallet or purse or have it stolen, this information would be extremely valuable to a medical identity thief.
  • Shred or safeguard any documents with personally identifiable information by either locking them in a safe hidden in the home or by storing them on an encrypted thumb drive and deleting them off your computer. Sensitive documents with PII include:
    • Tax preparation papers
    • Explanation of Benefits statements
    • Medical Bills or Records
    • Bank Statements
    • Passport
    • Medicare, Social Security, or military identification card

References
Nationwide Mutual Insurance Company. “Medical ID Theft Study Results.” March 2012. Print.

Ponemon Institute. “Third Annual Survey on Medical Identity Theft.” June 2012. Print.

Congressional Budget Office. Estimates for the Insurance Coverage Provisions of the Affordable Care Act Updated for the Recent Supreme Court Decision. U.S. Government Printing Office. July 2012. 13 December 2012. http://www.cbo.gov/sites/default/files/cbofiles/attachments/43472-07-24-2012-CoverageEstimates.pdf

Menn, Joseph. “ID Theft Infects Medical Records.” Los Angeles Times. 25 Sept. 2006. N.pag. Web. 20 Dec. 2012