- When patients’ PHI is stolen, medical identity theft could occur. Moreover, providers that don’t comply with HIPAA standards could face heavy fines, as well as other challenges to their reputation and their patients’ security.
According to the fifth annual Medical Identity Theft study from the Ponemon Institute, medical identity theft increased 21.7 percent since last year. The study is conducted to determine how expansive this crime is within the US and what steps healthcare providers, consumers, and government bodies should take to stop its spread. The results are based on multiple survey returns from 1,005 adult-aged consumers in the US.
Forty-five percent of survey respondents indicated that medical identity theft impacted their reputation, with 89 percent of these respondents expressing embarrassment due to the accidental exposure of sensitive information. Others polled said that they missed out on career opportunities due to identity theft (19 percent) or that it resulted in employment termination (3 percent).
Fifty percent of respondents that had faced medical identity theft said that the crime had a significant impact on the confidence and trust they placed in their healthcare providers, while only 15 percent of respondents that suffered from medical identity theft said it didn’t impact their confidence and trust in their healthcare providers.
The study also showed that 53 percent of respondents answered that they thought it was very likely or likely that healthcare provider negligence contributed to medical data theft incidents. When asked if they were confident in their healthcare provider’s ability to protect their healthcare records from loss or theft, 68 percent of respondents indicated that they were not, while only 37 percent of respondents indicated that their providers have told them about the security measures taken to protect their information.
Despite the lack of confidence in their provider’s abilities to keep their PHI secure, 79 percent of respondents said that it’s important for their providers to ensure their data is protected, which is down from 82 percent in 2013. Meanwhile, 48 percent of those polled indicated that if their medical information was lost or stolen they would consider changing healthcare providers.
However, 40 percent of survey respondents indicated that if a data breach occurred, prompt notification of the problem from the responsible organization is vital. Many individuals polled did not learn about the exposure of their information until three months or more after the incident happened, and 30 percent did not even know when their information became exposed.
Though completely eliminating medical identity theft is not currently possible, there are methods that a healthcare provider could take in order to protect patients’ PHI. The survey suggests that providers can start with keeping their patients better informed about their privacy rights. Only 19 percent of individuals polled indicated they were familiar with privacy protections within HIPAA, while 35 percent were not familiar with their privacy rights and 34 percent had never heard about their provider’s privacy protections.
Healthcare providers could also improve the accessibility of healthcare records in order to help protect their patients’ privacy. When polled, 60 percent of survey respondents said they don’t check their health records. Of those respondents, 53 percent indicated they didn’t know how to check their health information records and 35 percent indicated that their records were difficult to access.