According to a recent survey by The Ponemon Institute, six percent of Americans have been victims of medical identity theft.  This problem, while seemingly small, is on the rise and is increasingly costly patients, doctors and the larger healthcare economy.  Unless action is taken to secure our medical records, medical identity theft will become more prevalent as records begin to be digitized and move online.

This study defines medical identity theft as when an individual uses another person’s insurance information to receive treatment, products or prescription drugs, creating devastating and potentially deadly effects.  Financially, medical identity theft costs, on average, $20,160 per victim. Approximately half of the victims lost their health care insurance coverage as result of the theft.  Dangerous and potential life threatening problems result from incorrect information in the victim’s medical record often taking years to sort out and clear up.  Half of victims surveyed indicated it took a year or more to discover they were victims of medical identity theft.  

As the U.S. moves to incorporated Electronic Medical Records (EMRs) into healthcare as required by the American Reinvestment of Recovery Act (ARRA), the problem of medical identity theft can either be resolved or exacerbated. EMRs offer the potential to create positive change and to bend the cost curve of healthcare in the U.S. However, unless our personal medical information is protected, medical identity theft will only increase. Strong authentication standards for individuals accessing EMRs are critical and necessary.  Both patients and healthcare providers need to ensure only authorized personnel are accessing the correct medical records and personal data. Personal health information is significantly more sensitive than financial information and it requires a high level of protection. 

Protecting our personal medical information must require a two-factor authentication process.  Two-factor authentication means the user provides two identifiable pieces of information usually a card or token with security functionality and PIN code.   Currently, if you lose your wallet, you could easily become a victim of medical identity theft.  Requiring two-factor authentication processes would prevent another person from gain access to your health information and using your identity to receive healthcare services.  Without two-factor authentication losing your health insurance card could be devastating.

The Secure ID Coalition encourages the Office of the National Coordinator’s Health Information Technology Policy and Standards Committees to take the protection of patient medical information seriously and require two-factor authentication for Meaningful Use.