By Margaret Collins March 23 (Bloomberg) — Sierra Morgan was billed $12,000 on her health-care credit card in November for liposuction, a procedure she never requested or had. “It’s depressing to know that someone used my name and knows so much about me,” said the 31-year-old respiratory therapist from Modesto, California. There were more than 275,000 cases in the U.S. last year of medical information theft, twice the number in 2008, according to Javelin Strategy & Research , a Pleasanton, California-based market research firm. The average fraud cost $12,100, Javelin said. “A trend we’ve seen over the past few years is using stolen information to file false claims,” said Louis Saccoccio, executive director of the Washington-based National Health Care Anti-Fraud Association , a non-profit research group. Criminals set up fake clinics to bill for phony treatments, said Pam Dixon , founder of the World Privacy Forum , a non-profit consumer-research group based in San Diego, California, which has worked with more than 3,000 victims. Thieves also may impersonate a patient, like in Morgan’s case, and some medical workers download records to sell, she said. The economic stimulus bill of 2009 includes $2 billion to create a national system of computerized health records and as much as $27 billion over 10 years in payments to Medicare and Medicaid providers who adopt the technology, according to the Department of Health and Human Services. The digital files will improve care and help lower costs, the government said, without projecting savings. Digital Files “Once files are in electronic form, the crime scales up quickly,” said Dixon, whose group analyzed a decade of consumer data from the Federal Trade Commission and medical identity theft cases from the Department of Justice. “There are cases where someone has walked out with thousands and thousands of files on a thumb drive,” she said. You can’t do that with paper files.” Patients’ medical records are altered to reflect diseases or treatments they never had, which can be life threatening if they receive the wrong treatment or find their health insurance exhausted, Dixon said. A thief may change the billing address for a victim’s insurance so they’re unaware of charges, she said. “Once you aggregate and put data in one place it’s easier for you to see it but it’s also easier for a criminal to see and use it,” said Scott Mitic, chief executive officer of Redwood City, California-based TrustedID, a consumer data-protection firm. “The digitization of medical records over the next years is certainly going to make this more of an issue.” Life Flight Brandon Sharp, 38, found more than $100,000 of unpaid medical bills on his credit report when he went to buy a home. The charges included $19,501 for a life-flight helicopter trip and emergency room visits he never used, said Sharp, a project manager for an oil company in Houston, Texas. “I’m as healthy as they come,” he said. Sharp said he spent six months to nine months correcting his medical files, outstanding charges and credit report. Medical identity theft is about 2.5 times more costly than other types of ID frauds, said James Van Dyke, president of Javelin, in part because criminals use stolen health data an average of four times longer than other identity crimes before the theft is caught. The average fraud involving health information was $12,100 compared with $4,841 for all identity crimes last year and consumers spent an average of $2,228 to resolve it, or six times more than other identity fraud, according to Javelin. No ID Check “It’s becoming the credit card with a $1 million limit,” said Jennifer Leuer, general manager of ProtectMyId.com, an identity-protection service provided by Experian Plc , a Dublin- based credit reporting firm. “If the health insurance is valid, they’ll treat you and not always check your ID.” Insurers are improving technology to spot false claims, said Tom McGraw, a senior vice president at Ingenix, a subsidiary of Minnetonka, Minnesota-based UnitedHealth Group Inc. McGraw leads a group focusing on Medicaid and Medicare fraud, the two government-sponsored health programs for the poor and the elderly, he said. The company can now track distances between providers and beneficiaries to identify if physicians are treating patients who don’t live nearby, he said. Legislation passed last year requires doctors and hospitals to notify patients when their information has been exposed from a security breach, said Randy Sabett, co-chair of the Internet and data protection practice at Sonnenschein Nath & Rosenthal LLP, based in the law firm’s Washington office. National Standards National standards should be established for fraud alerts on health care files, said Dixon of the World Privacy Forum. The government is considering new regulations to enhance privacy and security of health information, said David Blumenthal, national coordinator for Health Information Technology at the Health and Human Services Department. The Mayo Clinic uses electronic medical records and started adding patients’ photographs to them in the past year for safety and security, said Greg Warner, director of the Office for Compliance for the Rochester, Minnesota-based hospital. Eligible hospitals and physicians may begin receiving government payments for using approved digital records this year under Medicaid and next year under Medicare, according to the Baltimore-based Centers for Medicare & Medicaid Services. About 44 percent of U.S. doctors used some form of electronic records last year, according to the National Center for Health Statistics. Software Safeguards General Electric Co. , the world’s biggest provider of health-care information systems, estimated in October that medical-data technology and related services is a $35 billion market, growing at more than 8 percent annually. The Fairfield, Connecticut-based company said it would invest $90 million to help local and state governments build health-care information exchanges. Companies selling health-record technology to medical providers also include Siemens AG , based in Munich, Germany, Round, Rock Texas-based Dell Inc ., Watertown, Massachusetts- based Athenahealth Inc. and Allscripts-Misys Healthcare Solutions Inc., based in Chicago. They say the software has safeguards such as individualized logins and passwords, encryption and logs of who has accessed the system, which makes the files more secure than paper. “In banking, having your information in ATMs across the country is a convenience,” said Glen Tullman , chief executive officer of Allscripts. “Having information available to physicians and caregivers is a life and death matter.” Web Sites Microsoft Corp. and Google Inc. ’s Google Health have Web sites that allow people to store and share their personal health information. Users can connect with hospitals, doctors and pharmacies to better manage their health, said George Scriban, senior global strategist of Microsoft’s HealthVault . Patients should request a copy of their medical files from their doctors after each visit, ask their insurer annually for a list of claims and watch their credit reports, according to the World Privacy Forum. Victims should file a police report and contact the Federal Trade Commission because it may help their case when asking a hospital or doctor to amend errors in files, Dixon said. Sierra Morgan contacted the police and worked with the health clinic in Sacramento to arrive when her impersonator had an appointment, she said. “I wanted to catch her,” Morgan said. “What nerve she had using my name to get liposuction.” To contact the reporter on this story: Margaret Collins in New York at mcollins45@bloomberg.net .
Read more:
Patient Billed for Liposuction as Medical Theft Rises
