infoTECH Feature

December 15, 2014

Identity Theft and Medical Theft in the Workplace

Medical theft is defined as falsifying a victim’s medical record with information from the perpetrator and crime. One major reason for medical theft is that it provides criminals the necessary information to move forward and commit identity theft. Identity theft is when one person assumes another's identity and under false pretenses, performs acts or makes purchases. Violation of this law is a Federal offense and it is illegal to knowingly assume the identity of another person without their permission with either the intent or the actual act of performing any kind of unlawful activity.  

How Medical Theft Is Performed

According to the diagram called "Theft,“ a pattern exists for medical identity theft. The theft starts with identifiable health information which can come from multiple sources.  This information is available through a primary healthcare continuum of patients, providers, plans, vendors, etc. or they can come from what is referred to as a secondary healthcare continuum of agencies, research, public health records, law enforcement agencies etc.  The theft of this type of information is known as medical identity theft.

Stopping Medical Theft

Identity theft is fast becoming a major issue with businesses today. As more personal connections are linked through the web, there are increasing ways of data to leak out. Once that data leakage occurs, it could just be a matter of time before more of the victim data gets out. This problem affects many industries but perhaps the industry that has the most data to lose is the medical field. The ways to prevent and detect medical theft can vary. Companies are ultimately expected to protect their data but the individual does have a responsibility in safeguarding their own information.  They can take multiple preemptive steps to further protect their data by performing some routine safety measures.  For example, they can maintain their own healthcare records, demand that their medical partners fix any incorrect entries or errors in their records, monitor their benefits and ensure they receive what they were entitled to receive, and more.

Stopping Identity Theft

There are also many cases which result in the loss of identity or identity theft that can be prevented.  Many of these steps can be taken not just by the victim but also by the organization.  According to HIPPA and other standards, there are specific requirements that companies must take to ensure the safety of this data.  Furthermore, according to Inc.com, there are some steps a company can take to stop identity theft.  

The first is to address "insider mistakes". These are general best practices that need to be applied by organizations and their employees that would cause them to be more cautious with data.  Simple acts such as sending data over e-mail, saving data to removable devices such as flash drivers, etc are common errors in the loss of data.  

Another significant issue the company needs to be aware of is that of the disgruntled employee also known as corporate espionage or a "malicious insider".  These are individuals who will intentionally steal data or spy for rival corporations typically for financial gain.  Through proper implementation of the security group and limiting what an individual can do as well as routine auditing these acts can be limited.

The final form of breach is that of an "outside attack".  This is when a company is attacked by an adversary or a hacker with the intent of stealing data.  In some cases the data that is stolen contains customer's personally identifiable information (PII).  That information has a great deal of value and the black market and in many cases is sold or used to purchase goods and services while misrepresenting themselves as the victim.

A final thought on the topic relates to a preventative measure that can, and should be taken - the use of encryption technology.  More and more companies are beginning to use encryption across the board to further protect data.  The use of policies and procedures, encryption key access, key escrow mechanisms and other forms of encryption technology can greatly improve the level of protection of company data.

Unfortunately, many people don't know the difference between identity theft and medical theft.  However that's not the real problem, the real problem is that individuals need to take a more proactive role in securing their own data as do companies.  In fact, most people may not even realize that their data has been compromised until it's too late.  

Regardless of where you live or what your beliefs are on the use of the Internet, the fact remains that your records are on the Internet; therefore people need to take a more proactive role in protecting themselves.  Remember, while there are laws designed to protect both victims and companies, every piece of documentation that exists on identity theft also states or implies that individuals take steps to protect themselves in addition to companies protecting their data.




Edited by Stefania Viscusi
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers