recommended reading

Health IT office awards contract to fight medical identity theft

The federal office overseeing the development of a national system of electronic medical records awarded a $450,000 contract on Wednesday to Booz Allen Hamilton to evaluate the scope of medical identity theft in the United States.

Comment on this article in The Forum."The prevention and detection of medical identify theft along with actions to address problems that may occur as a result of medical identity theft are necessary steps to build consumer trust in electronic health information exchange," said Robert Kolodner, national coordinator for health information technology at the Health and Human Services Department.

Officials with the national coordinator's office, which is spearheading the effort to provide most Americans with electronic health records by 2014, said Booz Allen will examine how information technology can be used to detect and prevent medical identity theft.

Medical identity theft is the act of stealing patients' electronic health records with the intent of committing crimes, such as blackmailing individuals who have been diagnosed as being HIV-positive or using the stolen medical records to set up fake medical clinics to file false claims. Last year, five people pleaded guilty to operating such a clinic to defraud Medicare.

The problem is widespread, according to the World Privacy Forum, which has studied the issue. Between 250,000 and 1 million Americans annually have their medical identities stolen, with potentially deadly consequences, according to the group's 2006 report. In one example cited, a Florida woman found that "an imposter had caused false entries [to be recorded] on her file, including changes to her blood type."

Last month Finjan Software Inc. reported that its Malicious Code Research Center discovered sensitive health information on U.S. patients stored on a Malaysian computer server, which was controlled by cyber criminals. Pam Dixon, executive director of the World Privacy Forum, said the Finjan report was an indication that medical identity theft has been adopted by "some nasty overseas crime rings," which elevated the consequences of medical identity theft to more dangerous levels.

She said the crime rings could hold the stolen medical identities for a year or two and then set up a fake clinic in the United States to start billing for procedures that run from $1,000 to $250,000 each for multiple patients.

Booz Allen, in the first phase of work on the contract, will assess the scope of medical identity theft, the result of which will serve as the baseline for developing prevention, detection and remediation strategies, according to the Office of the National Coordinator for Health Information Technology.

A one-day town hall meeting will be held in October in the Washington area, for the second phase of the project, and will be open to the public. The third phase will feature a final report and roadmap, summarizing key issues and possible next steps.

Dixon said she is heartened that Kolodner has decided to focus on medical identity theft, but she viewed the contract as late in the process to develop a national electronic health record system. She previously said as much when she testified in 2005 to Congress about medical identity theft one year after President Bush kicked off the national electronic health record project.

In addition, Dixon said electronic health records make it easier to steal medical identities and deterrents need to be built into the architecture of the National Health Information Network championed by Kolodner's office. The office also should develop ways to aid victims of medical identity theft, she said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.