LITTLE ROCK — A dangerous type of identity theft has officials at the University of Arkansas for Medical Sciences on alert to stop impostors who get medical treatment under someone else’s name.
“It can be really dangerous to have people’s medical records intermingled,” said Vera Chenault, UAMS Identity Theft Prevention Program administrator.
UAMS developed a program in June 2009 to prevent medical identity theft after an analysis brought to light potential gaps in the hospital’s safeguards. Those gaps allowed people to pretend to be someone else, get medical treatment, and leave the real patient, an insurance company or the hospital with the bill.
The fraud can be costly for clinics, hospitals and insurance companies, but it can be deadly for patients. Mingled medical records can mean the wrong blood type, disease or allergy is listed in medical files, Chenault said.
Experts say medical identity theft is a nationwide problem that is difficult to track.
Many Northwest Arkansas clinics and hospitals require some type of patient identification but don’t have programs related to medical identity theft, said David Wroten, director of the Arkansas Medical Society.
Medical Associates of Northwest Arkansas, among the area’s largest medical organizations outside of hospitals, started a program to protect patients based on requirements from the Federal Trade Commission, said Kathie Rhodes, compliance officer.
The medical group, which serves about 122,000 patients, analyzed how it protects patients’ identities and then developed a prevention program for its 17 clinics. The group trains staff to identify warning signs that an identity has been stolen, including someone who repeatedly doesn’t bring a photo identification or doesn’t know the current address listed in the medical file.
“We have not seen any problem with it, no, but we are very cautious,” she said. “It can happen anywhere.”
Mercy Medical Center Northwest Arkansas hospitals in Rogers and Fort Smith ask for photo identification and file a photocopy in the patient’s medical chart, spokesman Laura Keep said. Siloam Springs Memorial Hospital spokesman Aimee Morrell said identification is required at the hospital.
Neither hospital plans to implement a specific medical identity theft prevention program, the spokesmen said.
Spokesmen for Washington Regional Medical Center in Fayetteville and Northwest Health Systems, which operates hospitals in Springdale and Bentonville, didn’t return calls for comment.
CRIME UNDERREPORTED
Once UAMS officials began to investigate, they discovered a case in which a woman gave birth then another woman used her identity to give birth three months later. In another case, the hospital discovered a father allowed his son to use his identity so the father’s insurance would pay.
About 1,862 Arkansans reported identity thefts last year, but fewer than 20 of those were medical identity thefts, according to the Federal Trade Commission’s annual report.
The crime is often underreported because people don’t realize their medical identity has been stolen until they begin receiving bills, officials said. Sometimes family members aid in the fraud, trying to help an uninsured relative get medical treatment.
The World Privacy Forum, a nonprofit group, estimated in 2006 that about 500,000 people nationwide were victims of medical identity theft in 2003. About 265,000 Medicare beneficiaries among about 47 million beneficiaries have compromised identities, Peter Ashkenaz, U.S. Department of Health and Human Services spokesman, wrote in an email.
Sometimes victims of Medicare fraud find someone already has requested a relatively expensive item, like a power wheelchair, using their identity. That victim is no longer eligible for financial help for this type of equipment, Ashkenaz said.
Other times identities are stolen to get prescription drugs, he said.
Aaron Sadler, a spokesman for the Arkansas attorney general’s office, said no one has complained to his agency specifically about medical identity theft, but the office has reviewed health-care-fraud complaints. The absence of complaints doesn’t mean medical identity theft isn’t happening in the state, he said.
Northwest Arkansas hospital spokesmen said they had not heard of any medical identity thefts in their hospitals, but most aren’t tracking it.
Cases involving medical identity theft may fall under different categories, said Kristin Cohen, attorney in the Federal Trade Commission’s Division of Privacy and Identity Protection. Sometimes a case might be called identity fraud, sometimes health-care fraud and sometimes insurance fraud. Hospital officials may not know whether the victim is involved or whether a patient simply forgot his or her information when being admitted into the hospital.
The World Privacy Forum reported that medical identity fraud is among the least tracked or studied frauds.
“Medical identity theft is difficult to get a handle on for how big it is,” Cohen said. “There aren’t a lot of statistics.” CLINICS EXEMPT
Nationally, hospitals and medical clinics started reviewing their own safeguards for medical identity theft after the Federal Trade Commission passed regulations in 2007 forall entities that issue bills to create a plan against identity theft.
The new regulations required more safeguards than the current federal Health Insurance Portability and Accountability Act, which protects patient privacy, Chenault said. But medical associations lobbied against requiring hospitals and doctor clinics to follow a guideline meant for lenders, Wroten of the state medical society said. The new requirements never were intended to apply to hospitals and aren’t needed, he said.
After the deadline for compliance was put off for years, President Barack Obama signed an amendment Dec. 18 that exempted doctor clinics and hospitals from the federal regulations.
But some hospitals, like UAMS, see a need for the guidelines anyway, Chenault said.
Large hospitals and medical clinics are most at risk for treating patients who have stolen someone’s identity, particularly in emergency rooms, Chenault said. Patients aren’t likely to be repeat clients at emergency rooms, and physicians at large doctor’s offices might not see the same patient twice, officials said.
UAMS focuses on training staff to recognize potential identity fraud and requires some identification, Chenault said.
Victims of medical identity theft can request a copy of their medical records and ask doctors to fix mistakes, but the doctor doesn’t have to, Cohen said. Doctors can choose to flag the change instead of deleting it, which means the misinformation stays in the file, she said.
All hospitals and clinics that bill patients benefit by voluntarily adhering to the federal commission’s requirements, Cohen said. Stopping identity theft on the front end is easier than trying to fix medical records later.
Arkansas, Pages 11 on 01/10/2011