Identity thieves prey on patients' medical records: USA TODAY May 7, 2008

[Guest guest]

Identity thieves

prey on patients' medical records 05/07/2008 By Appleby,

USA TODAY May 7, 2008

Doctors' offices, clinics and hospitals are a fruitful hunting ground for

identity thieves, who are using increasingly sophisticated methods to steal

patient information, lawyers and privacy experts say. Recent disclosures that hospital

workers snooped into the medical files of Shriver, Britney Spears and

Clooney highlight the vulnerability of patients to the merely curious

and the criminal. Legal experts say lawbreakers use

medical information to get credit card numbers, drain bank accounts or falsely

bill Medicare and other insurers. RECORDS:

It's often hard for

patients to get even their own files Marc Rotenberg, executive director of

the Electronic

Privacy Information Center , says attention on

identity theft has focused on how easily criminals can get financial records.

"Now we're moving into an era where many of those same problems occur with

medical records," he says. Hospitals and other medical settings

often encrypt data and take other steps to protect privacy, but "people

are acting with increasing sophistication to steal information," says

Stuart Gerson, a Washington, D.C.-based attorney who represents health care

firms. Those intent on crime "attempt

to gain the assistance of insiders" and use new techniques to capture data

from files, even those that are encrypted, he says. Pam Dixon, executive director of the

World Privacy Forum, an advocacy group, says "sophisticated crime

rings" often can make more money by stealing medical identities than by

going after individuals' bank accounts or credit cards. "If you steal

someone's medical identity, then multiply that by 100 or 1,000" other

thefts "and do fake billings, you can make hundreds of thousands, if not

millions, of dollars," Dixon says. In

Florida last year, a front-desk coordinator

at the Cleveland Clinic was convicted of identity theft, computer fraud and

other charges after downloading patient information and selling it to a cousin,

who submitted more than $2.5 million in phony bills to Medicare. In April, a former New

York-Presbyterian Hospital employee was arrested for participating in an

identity theft scheme in which he allegedly accessed nearly 50,000 patient

records over two years. False information from fake billings

can end up in patients' medical files — and creditors might seek payment

from the patients. Until the creditors call, patients might not know their

medical information has been accessed. In a recent survey of 263 health care

providers, 13% said their facility had experienced a data breach. Of those, 56%

said they notified the patients involved, according to the survey by HIMSS

Analytics, a non-profit data analysis firm, and Kroll Fraud Solutions, which

offers security-related services. In January,

California began requiring that consumers

receive notice when their medical information is improperly accessed. It is

only the second state, besides Arkansas , to do

so, Dixon says. Similar legislation, written by Sens.

Leahy, D-Vt., and Arlen Specter, R-Pa., is being debated in Congress.

No virus found in this outgoing message.

Checked by AVG.

Version: 7.5.524 / Virus Database: 269.23.9/1420 - Release Date: 5/7/2008 2:12 PM