Pam Dixon and John Emerson have authored a new report from the World Privacy Forum: The Geography of Medical Identity Theft.
From the report:
Summary of Findings and Recommendations
This report finds that medical identity theft is growing overall in the United States, however, there’s a catch. The consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.”
Populous states such as California, Florida, Texas, New York, and to a lesser degree, Illinois, often have high consumer complaint counts, which can result from population effects. Based on data analysis of “rate per million” so as to equalize for population, strong additional patterns emerge from the complaint data. Notably, a large cluster of southeastern states emerge as a regional hotspot for medical identity theft, with steady growth patterns. Medical identity theft hotspots have also occurred in a dispersed mix of less populous states.
In addition to documenting geographic and growth patterns, the complaint data also documented significant and heretofore largely unreported patterns of harm related to debt collection resulting from medical identity theft, including debt collections documented to be one to three years in duration.
The documentation of debt collection impacts on victims of medical identity theft is new information, and needs to be added to the understanding of how medical identity theft impacts victims of the crime. Although impacts and modalities will be discussed in detail in Part 3 of this report series, this report touches on this research as it represents a significant adjacent finding.
Key recommendations in the report include:
- The Department of Health and Human Services should facilitate the collection of follow up information from those affected by medical data breaches, specifically including data to document medical debt collection activity post-breach.
- Policymakers and law enforcement agencies should take regional and state hot spots suggested by the data into account when planning resources for medical identity theft deterrence, prevention, and remedies.
- Healthcare providers and related stakeholders need comprehensive risk assessments focused on preventing medical identity theft while protecting patient privacy. These risk assessments need to include specific plans for handling patient debt collection practices, and specific procedures that will prevent debt arising from medical identity theft to be passed to a collection agency.
- Patients, medical data breach victims, and other identity theft victims should be aware of states where medical identity theft is more active.
- The Consumer Financial Protection Bureau should monitor medical debt collection practices more closely and address abuses.
You can download the full report from this link.