Skip to Content

Medical Identity Theft

WPF urges HHS to clarify the harms of medical identity theft for victims

WPF has urged HHS to clarify the intersection between HIPAA compliance and harms resulting from medical identity theft in its response to the Request for Information from the Office of Civil Rights of the Department of Health and Human Services regarding implementation of the HITECH Act. WPF has a long history of work on the issue of medical identity theft, which has informed its response to HHS.

WPF to testify before NCVHS on emerging privacy concerns in health privacy — Beyond Digitization: Artificial Intelligence, APIs, and health privacy

WPF Executive Director Pam Dixon will testify before the full committee of the National Committee on Vital and Health Statistics (NCVHS) regarding emerging privacy concerns in the healthcare environment, including the role of artificial intelligence, patient authorizations, and automated access to patient health information. The NCVHS is the statutory [42 ...

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

WPF Comments: Access to the CFPB consumer complaint database is vital to understanding and analyzing identity theft in the US

WPF has urged the CFPB to continue to maintain its consumer complaint database and make complaints available to the public. The CFPB is considering multiple potential changes to its consumer complaint database, including reducing access, among other potential changes. In its comments, WPF explained how CFPB consumer complaint data has ...

Report: The Geography of Medical Identity Theft

This new WPF report finds that medical identity theft is still a crime that causes great harms to its victims, and that it is growing overall in the United States; however, there’s a catch. The national consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.” These hotspots are important for patients, policymakers, and healthcare stakeholders to know about so as to address potential risks.

Medical identity theft and electronic health care records: risks and solutions

Executive Director Pam Dixon will be speaking this Friday at the National Association of Healthcare Journalists about electronic records, and the risk of medical identity theft and other risks that arise from data breaches of medical records. Dixon's talk will cover new research, as well as discuss potential solutions to ...

Video: Dealing with medical identity theft in Health Information Exchanges

Medical identity theft happens when another person uses your identity to acquire medical goods or services. The problem is that when this occurs, the imposter's medical treatment gets put into your medical files. If your imposter has a different medical condition than you do, then your medical file can contain errors. It is important to correct errors in your medical file that occur as a result of medical identity theft. One of the potential challenges with exchanging your medical records in a health information exchange is that if medical identity theft happens, the erroneous file can be spread far afield through the HIE. Here's how to begin approaching the challenges.

WPF Discussing New Research in FTC Senior ID Theft Workshop

Senior Identity Theft - FTC -- WPF Executive Director Pam Dixon will be speaking at the Federal Trade Commission Tuesday on the issue of Senior ID theft, and specifically, about medical forms of the crime. Dixon, who wrote the first report on medical ID theft and coined the term for the crime, will be presenting new research at the panel.

WPF Republishes Landmark Medical ID Theft Tips and FAQ for Consumers

Medical ID Theft -- WPF has completely updated its landmark medical identity theft tips and advice for patients and consumers. "The new FAQcontains detailed advice for anyone who is a victim of medical ID theft, or is worried about becoming one," says Pam Dixon. "The FAQ and our shorter consumer tips have been updated to reflect our most recent research." In 2006, WPF published the first known report on medical ID theft and coined the term. Since then, WPF has been in the forefront of researching this crime and working to assist victims and those working with victims

New Medical Identity Theft map

Medical ID theft -- The World Privacy Forum has released a new map that reveals the geography of medical identity theft. This is the first map of its kind, and is based on the Federal Trade Commission Consumer Sentinel data. The map is interactive, and gives details on the cities where medical identity theft occurred over the course of a year. The World Privacy Forum published the first report on medical identity theft in 2006, coining the term in the report and bringing the crime to public attention. WPF continues to actively research this important privacy issue.

Medical data breach rule needs more work; World Privacy Forum files comments with HHS requesting changes

Data Breach | HHS HITECH Breach Notification -- The World Privacy Forum filed comments on the HHS data breach rulemaking and asked for substantive changes in several areas. In particular, WPF asked HHS to expressly state a requirement for a breach risk assessment in the final rule itself, and to set a requirement that the risk assessment must be conducted by an independent organization. The WPF also asked that HHS set breach risk assessment standards so that there is some uniformity and guidance as to what constitutes an appropriately rigorous risk assessment when a breach occurs. In the comments, WPF also discussed the relationship between medical identity theft and medical data breach and how this impacts patients and consumers.

WPF updates Red Flag report

WPF Red Flag Report -- The World Privacy Forum has updated its Red Flag report, Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers. The update reflects the new effective date of the Red Flag Rule, (November 1, 2009) and incorporates other minor updates in the text. This report replaces the original Red Flag report published September 2008.

WPF Resource Page: The National Health Information Network Page

The National Health Information Network (NHIN) is an ambitious modernization plan proposed by the U.S. government. The idea is to move as an entire nation from paper medical files to electronic medical files that are shared. Specifically, the government goal is to digitize patients' health records and medical files and create a national network to place the information in. The network, called the NHIN, would be a sophisticated network that hospitals, insurers, doctors, and others could potentially access. Such a network brings patient privacy, security, and confidentiality issues into sharp relief.

Skip to Top