Preventing Insider Medical ID Theft

Recent Cases Spotlight Fraud Risks

By , January 11, 2013.
Preventing Insider Medical ID Theft

Three recent identity theft incidents highlight the need for healthcare organizations to stay vigilant in preventing fraud involving insiders.

See Also: 2015 Insider Threat Report

The incidents include:

  • A Louisiana case involving the arrest of seven individuals, including a former hospital billing worker who allegedly used patient information for the creation of fake checks and IDs;
  • A Florida case involving a former hospital emergency department clerk who allegedly accessed more than 760,000 patient records to sell information for profit;
  • A Texas case involving a former state employee who allegedly used patient immunization information to apply for credit cards online.

Security experts say healthcare organizations can take several steps to help minimize the risk of identity theft. Those include auditing and monitoring worker activity, restricting staff access to patient information and ramping up employee training.

The Identity Theft Resource Center also is offering advice on fraud prevention (see: ID Theft: 2013 Top Concerns).

Spending Spree

In the Louisiana case, a former billing worker at LSU Hospital System allegedly used copies of scanned checks from a database and other patient information, including Social Security numbers, to create fake checks and IDs used by others, according to Louisiana State Police.

So far, the incident has affected 416 patients from several states. But that number might rise as LSU and state police continue their investigations into the matter, an LSU spokesman tells HealthcareInfoSecurity.

The organization is reviewing all procedures and policies in the wake of the incident, the spokesman says. "Nothing new has been implemented yet, but it's a matter of time before new procedures are put into effect."

A Louisiana State Police spokesman told HealthcareInfoSecurity: "ID thefts are increasingly common, but what makes this case different is that so many individuals were involved and so much information came from a hospital database. You don't usually see that in counterfeit check cases."

Conspiracy Case

In the Florida case, a former Florida Hospital Celebration emergency department registration worker and his wife, who worked as an insurance representative at the hospital, were arrested last year and pleaded guilty to charges that included conspiracy to obtain health information.

The former clerk allegedly used a computer in the emergency department to inappropriately access electronic health records for more than 760,000 patients in several Florida Hospital locations, looking for information about individuals involved in motor vehicle accidents so that they could be solicited for chiropractic and legal services.

Authorities alleged the former clerk sold the patient information to a third person, who pleaded guilty Jan. 7 to federal charges of information theft (see: Selling Records for Profit Alleged.)

But it's not just hospitals that are vulnerable to these sorts of insider ID thefts. A former worker at the Texas Department of Health and Human Services was charged this month with identity theft after allegedly using information from patient immunization records to apply online for credit cards, according to a statement from the Titus County Sheriff's office . "The list of individuals that had their information stolen is still growing and we believe it to be in the hundreds," the statement notes.

A search of the suspect's residence recovered some of the property that the suspect purchased with the fraudulent credit cards, along with immunization records and other documents with patient or family members' names and Social Security numbers, according to the statement.

A Texas Department of Health spokeswoman told HealthcareInfoSecurity: "We are working closely with law enforcement to investigate the situation and will be notifying potential victims as soon as possible. The list of potential victims may be incomplete, so we are urging anyone who received services at the clinic to be on the lookout for fraud. ..."

Medical identity theft cases are relatively common, one recent survey shows.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Congress to Consider Info-Sharing Bills

Lawmakers have begun the process of taking up President Obama's call to enact cyberthreat...

Latest Tweets and Mentions

ARTICLE Congress to Consider Info-Sharing Bills

Lawmakers have begun the process of taking up President Obama's call to enact cyberthreat...

The ISMG Network