Nowadays, healthcare providers depend heavily on information communication technologies to access patients’ information. The increased use of wireless technologies has provided a more convenient and quick means of obtaining such information (National Security Institute 3). However, these technologies have created an opportunity for illegal activities, for instance, medical identity theft. Malevolent individuals and associations often try to abuse these technologies by illegally accessing other people’s electronic medical records. Identity theft can pose monetary, physical and psychological harm to the victims (Pam 1).
Even though the use of information technology has improved service delivery in the healthcare sector, it has also created an avenue for unlawful activities such as data theft (Australasian Centre for Policing Research 5). There are as many perpetration techniques for medical identity theft as the individuals who perpetrate them and such actions are as harmful as the volume of data accessed. The new information and communication technologies such as wireless technologies provide new ways of accessing remote data (Canadian Internet Policy and Public Interest Clinic 3). Medical data theft through wireless technologies forms the basis of our study. The study will explore the implications of medical identity theft through wireless technologies and plausible risk prevention strategies to counter such illegal activities. However, before exploring the ramifications of medical identity theft and strategies to counter it, it is important to define medical identity theft and threat agents.
Medical identity theft
Identity defines or distinguishes each and every individual. In contemporary society. People often strive to create an identity that separates them from others. However, there have been rising cases of people trying to steal other people’s identities for some form of gain and malicious reasons (Pam 3). A study conducted by the Australasian Centre for Policing Research established that identity theft costs more than $50 billion per year in the United States alone. This figure is expected to increase due to the emergence of new forms of identity theft, which is attributed to the growth of wireless infrastructure (8).
Medical identity theft refers to the use of another individual’s identity without permission so as to obtain health care services (Pam 3). Medical identity theft can be committed in many ways, including creating a fake identity, assuming a given character or modifying an already existing identity. There also are cases where individuals under witness protection usually use the previous identity to perpetrate identity-related offenses (National Security Institute 12).
In the United States, identity crimes incorporate both identity theft and fraud. Nevertheless, identity theft and identity fraud refer to two different things. Medical identity theft refers to distortion, adoption and alteration of identity to obtain medical services. On the other hand, identity fraud refers to the use of another individual’s identity to acquire something under false pretenses often from an insurance company (Julianne 2). Medical identity theft is more difficult to identify and solve than other identity-related crimes because health care providers are under no obligation to provide regular medical transaction reports. When medical identity theft is detected, it often takes a longer period to be resolved. Besides, the likelihood of medical service providers and insurance companies to respond to an individual’s request when such crimes are detected is very slim (Pam 5; Australasian Centre for Policing Research).
Everybody from an infant to the aged is at risk of medical identity theft (National Security Institute 12). Those who have passed away are usually considered to be soft targets unless their records are continuously monitored. This form of identity theft is commonly referred to as “ghosting” and can take a very long time to detect. Owing to the interconnectivity of healthcare agencies, “ghosting” is becoming less rampant. However, it still takes place in cases where the deceased records are not scrutinized regularly or where a death certificate has not been issued (The Free Dictionary 2).
Medical network managers should be well aware of different threats and techniques available to cybercriminals (National Security Institute 4). Data thieves can come from within and outside the organization. As a matter of fact, insiders pose the greatest threat since they have more knowledge of the way the system works (Craig 2). The susceptibility of medical data depends on the system used and security features in place. The increased use of online-based systems presents a significant opportunity for hackers who can access hospital records from remote places. A single breach in a system can lead to the loss of large volumes of data. The Internet-based systems have made medical data theft a very lucrative and attractive venture for cybercriminals (Canadian Internet Policy and Public Interest Clinic 2).
As with most online-based networks, data theft can be committed through an array of techniques and gadgets, which include portable storage hardware, email services and USB thumb drives among others. Methods of medical identity theft range from stealing data devices by individuals posing as medical staff to the use of sophisticated types of equipment to hack into the system (Choi et al. 58). Although there are numerous ways of stealing medical data, our emphasis will be on the risks posed by Web-based networks. These networks are still subjected to general weaknesses of online-based systems, for instance, viral attacks and attacks from rogue access points. Moreover, the nature of these systems makes security an essential element owing to the sensitivity of the information they hold (Choi et al. 59).
Most healthcare institutions often remain mute on matters related to security breaches due to inadequate security or management issues. Studies have shown that medical security networks encounter more than 150 attempted violations in their system every month. Most hackers use Trojan attacks to facilitate identity theft offenses. Most of these attacks are motivated by financial gains (Erin 1; Craig 5).
Ramifications of medical identity theft
Individuals who have medical records have a right to confidentiality and limited access to such kinds of data. Whereas there are numerous advantages associated with the digitization of healthcare data, the security of medical records should be given high priority to safeguarding the doctor-patient relationship (Choi et al. 61). Medical identity theft can have severe medical, health insurance and job-related ramifications for the victims and the community as a whole (National Security Institute 15).
The information contained in the system is usually very confidential and is often associated with an individual’s private life. The information can include the patient’s history of maladies, hereditary and mental profile, treatment history, vocation and pay, as well as the information related to the patient’s identity (National Security Institute 15). If patients somehow happened to lose trust in the safety of medical files, this could cause anxiety when providing delicate information. As a result, it could lead to inaccurate diagnosis and treatment (Jacqueline 4).
When an individual’s personal information leaks to the public, it could also lead to serious financial and criminal consequences. For instance, when information related to a person’s job and income is presented to the public, this can make them victims of organized crimes. Some of the victims often end up dead (National Security Institute 16). Besides, patients’ medical records can be inaccurately modified, which can lead to wrongful diagnosis and treatment. Hospitals and health institutions can also fall victim to such criminal activities, which can damage their reputation (Australasian Centre for Policing Research 10).
Lack of awareness of such kinds of criminal activities can also hinder an individual from getting health insurance benefits. Health insurance providers may also be forced to raise the cost of medical care to cater to such risks (Choi et al. 63). In some cases, medical identity theft often leads to financial liability for services not rendered. Modified records can cause loss of life insurance cover. Some of these criminals can be medical experts who understand the system very well, hence can make sure the crime is difficult to detect (National Security Institute 16).
Medical identity theft can lead to loss of job opportunities when an individual’s medical records are available to the public, particularly to prospective employers. Individuals’ medical records are commonly used to gauge their employment suitability. For this reason, when medical records are altered, an individual can have a hard time finding a job. Therefore, medical identity theft can also affect other aspects of an individual’s life (National Security Institute 16).
The communal impact of medical identity theft is not easy to establish because many cases of medical identity theft are not reported or detected. In some instances, they are regarded as health insurance fraud (Choi et al. 63). Besides increasing the cost of health insurance, medical identity theft often denies millions of healthcare services. Besides, the government is often forced to allocate an enormous amount of resources to investigate such crimes (National Security Institute 19).
Risk prevention strategies
There are numerous strategies that could be used by individuals and institutions to counter such illegal access to medical information, even though it is impossible to counter all cases of medical identity theft. Although most medical records are often stored by healthcare service providers, individuals can also take it upon themselves to safeguard their medical records (Pam 8). There are numerous measures that can be taken by patients to secure their medical records. First, patients should ensure that all their health insurance cards are well safeguarded. Second, they should report any form of malpractice to relevant authorities. Third, they should regularly request and examine their health benefit statements. Lastly, they should be very careful with healthcare providers offering free or highly discounted services (National Security Institute 19).
On the other hand, healthcare service providers can safeguard their client’s medical records by adopting some measures. First and foremost, they should educate their patients and workers on this type of crime. Second, they should enhance doctors’ security practice. Third, they should embrace state-of-the-art technologies like fingerprint scanners to identify patients. Fourth, they should carefully analyze any form of claims and claim trends. Last but not least, they should improve the security of healthcare facilities (National Security Institute 22). The safety of healthcare facilities can be improved through secure data access, record encryptions, email encryptions and log auditing. These can also be achieved by hiring independent security agencies to monitor the activities of staff members. Additionally, they should conduct thorough background checks on all workers and track any forms of a security breach. Finally, employees should avoid discussing patient-related information with outsiders (National Security Institute 25).
The system should be regularly updated to effectively counter different threats and techniques available to cybercriminals. These measures are very crucial because when the security is breached, it is not possible to reverse the situation (National Security Institute 26). Nowadays, some hospitals include a driving license as part of the standard procedure for identifying patients. This measure was adopted due to numerous cases of impersonation. However, most hospitals often tend to be reactive on issues related to data security. In some jurisdictions, reporting data security breaches is a legal obligation. Withholding such information could lead to massive penalties (National Security Institute 28).
Medical data theft is one of the fastest-growing criminal activities. Medical identity theft is often carried out for financial benefits and malicious reasons. However, the biggest challenge facing many healthcare service providers is detecting such security breaches at early stages, particularly when the crime has been committed by a member of the staff. Besides, there is a lack of public awareness regarding this type of crime. Medical identity theft can have severe medical, health insurance and job-related consequences for the victims and the community as a whole. For this reason, necessary security measures should be initiated to counter illegal access to medical data and information. These measures are very critical because when the security is breached, it is not possible to reverse the situation.
Australasian Centre for Policing Research. Identity Crime Research and Coordination, Sydney, Australia: ACPR, 2007. Print.
Canadian Internet Policy and Public Interest Clinic. Techniques of Identity Theft, Ontario: Ministry of Health, 2010. Print.
Choi, Young, Kathleen Capitan, Joshua Krause and Meredith Streeper. “Challenges Associated with Privacy in HealthCare Industry: Implementation of HIPAA and the Security Rules.” Journal of Medical Systems 30.1 (2006): 57–64. Print.
Craig, Valli. The Insider Threat to Medical Records: Has the Network Age Changed Anything? San Diego, California: UCMSS Books, 2012. Print.
Erin, McCann. “Medical identity theft hits an all-time high.” Healthcare IT News, 2014:1-2. Print.
Jacqueline, Klosek. “Diagnosis: Identity Theft.” Business Week, 2008:4-5. Print.
Julianne, Pepitone. “Stolen Identity: 2.3 Million Americans Suffer Medical ID Theft.” NBC News, 2015: 2-3. Print.
National Security Institute. “Protect Yourself from Medical ID Theft.” Security Sense 9.11 (2007): 1-30. Print.
Pam, Dixon. Medical Identity Theft: The Information Crime That Can Kill You, Accra Beach, Barbados: World Privacy Forum, 2006. Print.
The Free Dictionary. Ghosting (Identity). Web. 2015.