Medical Identity Theft

On The Quick

Medical Identity Theft

Don't ignore red flags warning this might not be your patient

By Elizabeth Hanink, RN, BSN, PHN
to Save

Most of us are now on guard against identity theft, routinely changing our PINs and passwords, shredding old documents and monitoring our accounts. However, too many people have a false sense of security regarding their medical information, a mistake that can be very costly.

If an unauthorized person gains access to your medical information, they could use it to obtain services or drugs in your name or attempt to defraud providers or insurers. Aside from possibly landing you in hot water, such identify theft could even put your health at risk, filling your medical records with inaccurate or falsified data on test results, treatment outcomes or even allergies.

Hacking Rings

Unfortunately, theft of medical information has become all too common. According to the Identity Theft Resource Center (ITRC), 43.1 percent of all consumer data breaches reported in 2013 involved medical records, far more than the number of breaches involving banking and financial information or military or educational records. The center estimates that those breaches compromised about 4.7 million medical records.

While the most common cause of medical data breaches is hacking, that accounts for only about 25 percent of all incidents. Other common causes are the theft of laptops or devices containing medical information or security breaches caused by employees — sometimes accidentally, sometimes maliciously. The ITRC says the number of “insider theft” incidents was up significantly from previous years.

A Bigger Target

The push at the federal and state levels for the adoption of electronic health records makes such data breaches more likely and potentially far more severe. Paper records might be less efficient, but they’re also harder to steal. With electronic records, one stolen laptop might compromise hundreds or thousands of patients’ data. That’s a big target for thieves.

Unfortunately, while the Department of Health and Human Services is charged with investigating, disclosing and punishing breaches of patient privacy, there is little the patient can do once a breach occurs. There is also not much individuals can do to protect themselves from data breaches at hospitals or clinics.

All that makes it particularly important for nurses to be mindful of their institutions’ guidelines on medical record security and patient privacy. Such procedures might seem like a hassle, but one innocent slip could cost your hospital and your patients millions of dollars. 



don’t ignore the red flags

As an experienced nurse, one of your greatest strengths is the ability to recognize when something just doesn’t feel right. That instinct can help you save a  patient’s life and also makes you one of the first lines of defense against medical identity theft. One of the reasons medical identity theft is becoming so common is that it can be very hard to detect. That makes it particularly important for nurses to pay close attention to anomalies in medical records and other potential red flags.

For example:

  • Does the personal information in the patient’s chart or file seem to be wrong? (e.g., the patient seems much older or is much taller than the chart indicates.)
  • Do you notice the same address, phone number or Social Security number in the records of two unrelated patients?
  • Are there peculiar discrepancies between the patient’s history or test results and his or her current presentation? (e.g., the chart indicates a prior apendectomy but this patient doesn’t have a scar.)
  • If you ask about a previous test or treatment, does the patient say, “No, that’s not right?”

Inconsistencies like these can be the result of honest confusion or a lapse of memory, but they can also be signs that a patient’s medical identity has been stolen or is being used in a fraudulent way. Don’t ignore them.

Make sure you’re familiar with your hospital’s procedures for reporting and investigating such red flags. If you’re not sure what the policy is, encourage your management team to establish clear guidelines. The California attorney general’s office has issued recommendations for healthcare organizations on spotting and responding to signs of medical identity theft. You can download the recommendations here.

This article is from

You might also like

On The Quick

Naloxone Manufacturers Donate 30,000 Free Doses

New surgeon general advisory

On The Quick

New Colorectal Cancer Screening Guidelines

American Cancer Society recommends starting at age 45 or younger

On The Quick

Few Men Seeking BRCA Cancer Screening

Breast cancer is a risk for men too

View all On The Quick Articles

Robert Noakes