You and your patients may soon see more support from the federal government when it comes to preventing and mitigating the effects of medical identity theft — especially with new pressure to do so coming from Congress.
In a Nov. 10, 2015 letter to the Centers for Medicare & Medicaid Services (CMS) and the HHS Office for Civil Rights (OCR), the Chairs and Ranking Members of the Senate Committee on Health, Education, Labor, and Pensions and the Committee on Finance expressed their concerns with what HHS is doing to support and protect victims of medical identity theft.
Citing many large health information breaches lately, the senators raised fears regarding the surge in major cyberattacks on large insurers like Anthem BlueCross BlueShield and healthcare providers like the UCLA Health System.
“We are concerned that data theft will continue to rise and will result in an increase in medical identity theft,” the senators wrote.
Medical identity theft can have serious financial repercussions for victims, as well as adulteration of victim’s medical records, which can have dangerous health consequences, the senators pointed out. And although the HIPAA Privacy Rule grants patients the right to view and request corrections to their medical records, “there is widespread confusion about how this rule applies in the case of a thief’s information being comingled with that of his or her victim’s.”
Truth: In fact, both the U.S. Department of Human and Health Services (HHS) and the Federal Trade Commission (FTC) have addressed this very issue, noted partner attorney Adam Greene in a Dec. 1, 2015 analysis for the law firm Davis Wright Tremaine LLP. The HIPAA Privacy Rule grants individuals the right to copies of their medical records maintained by covered healthcare providers and health plans. If you give victims of medical identity theft copies of their own records, you’re not violating the thief’s HIPAA privacy rights even if the thief’s information is mixed with the victim’s.
The senators posed a list of specific questions regarding medical identity theft to CMS and OCR, including (for example):
Link: To read the senators’ letter to CMS and OCR, go to www.help.senate.gov/imo/media/doc/Medical Identity Theft Letter--final.pdf.