Successful healthcare transformation through the promise of HIT generally and EHR/HIE/PHR specifically, depends squarely on proper management of patient/individual identity. Unfortunately, medical identity theft could undermine the vision HIT/EHR/HIE/PHR offers.
First, there is last week’s story describing the medical identity theft extortion letter received by Express Scripts. This story is troubling on several fronts. First, someone found their way to gain access to 50,000 patient records that were assumed to be secured. Second, the criminals are holding the records hostage and hope to make money this way (i.e., pay us or we release the records to the public). Third, the story gives the public another reason not the trust in the security of their health data which will slow the adoption of EHR/PHR/HIE.
Elsewhere, additional medical identity theft stories appear in which individuals use the identity of others as a way to access care they cannot afford (i.e., you receive a bill for a surgery you did not have). Here the implications are severe. The first is the obvious theft of services, fraud, potential credit impacts, and depletion of available health insurance benefits. The second and more concerning impact is the health data residing in the victim’s EMR/EHR/PHR will be incorrect leading to potential patient safety issues…how will corrections be managed? by who?
Will the national and local HIT initiatives be able to harden the security for HIT enough to resist such attacks? Is the government (no matter which country) doing enough to deter and enforce the protection of medical identity? Does the public know enough to adequately protect themselves?
What is happening in your regions? How are you avoiding the derailment of health transformation?