The number of Americans connected to medical ID theft reached 1.8 million in 2013, a nearly 20% increase from 2012, says a Ponemon Institute study sponsored by the Medical Identity Fraud Alliance. Consumers' out-of-pocket costs as a result of the crime topped $12 billion.
The institute based its findings on a survey of 788 adults who claimed that either themselves or close family members were somehow affected by medical identity theft. The crime is defined as when a person uses someone else's credentials to receive medical services or prescription drugs or to commit fraudulent billing.
The survey found several indicators that people do not take medical ID theft as seriously as they should. Combining medical information of multiple people on the same record could give doctors and nurses life-threatening misinformation about blood type, drug allergies or medical conditions.
"Your records are contaminated by the medical information of the perpetrator, and that could actually have severe impact," Robin Slade, development coordinator of the Medical Identity Fraud Alliance, told CSOonline on Friday. "It could impede your medical treatment. It could potentially kill you."
While computer hackers and employees stealing medical records certainly contribute to medical ID fraud, the problem is actually much more complicated, the study showed.
Three in 10 of the respondents had shared their medical credentials with family members, so they could obtain treatment or pharmaceuticals. Nearly the same number said a family member used their credentials without permission, which was often never reported.
Despite being aware of the crime, almost 6 in 10 respondents did not check whether the information on their medical records was accurate, the survey found. In addition, half did not take any steps to protect themselves against fraud.
Ignorance seems to be the biggest driver behind medical ID theft. "They just don't understand that [fraud] is occurring," Slade said.
The lackadaisical response could be explained in part by the fact that 35% of respondents did not suffer any financial consequences as a result of medical ID theft. The majority of the losses that did occur were a result of reimbursing healthcare providers, legal fees, diminished credit scores and lost time and productivity in fixing inaccuracies in credit reports.
Also contributing to inaction is the amount of time required to deal with the crime. A third of the respondents found that the process took a year or more, and nearly half said they were unable to fix all the damage.
Healthcare providers could help to reduce fraud by improving their procedures for identifying people coming in for services. However, Slade argued that the crime could only be significantly reduced through a "holistic risk management approach" that involved service providers, insurers, government agencies, consumer groups and law enforcement.
"All of these organizations agree that fraud is not a competitive issue and we need to work cooperatively to address medical identity fraud," Slade said.
Founding members of the Medical Identity Fraud Alliance include providers of healthcare and support services, insurers and technology companies.