As data breaches at health care organizations continue to spike, a bipartisan group of senators want to know what the Department of Health and Human Services is doing to curb this damaging practice.
Four senators yesterday sent a letter to Andy Slavitt, acting administrator for the Centers for Medicare and Medicaid Services, and Jocelyn Samuels, director of the HHS Office for Civil Rights, detailing their concerns surrounding these breaches and the many people now at risk of medical identity theft.
There have been 1,367 reported data breaches at health care organizations, which have affected about 154 million people, according to HHS’ Office of Civil Rights Breach Portal, which lists breaches going back to 2009.
“We are concerned that data theft will continue to rise and will result in an increase in medical identity theft,” stated Sens. Lamar Alexander, R-Tenn., Orrin Hatch, R-Utah, Patty Murray D-Wash., and Ron Wyden, D-Ore., in their letter.
Last year alone, five health care organizations, including Premera Blue Cross and UCLA Health System, suffered breaches that likely affected some 105 million people, according to the letter.
Identity theft can also impact Medicare Trust Funds and taxpayers. In fact, fraud may account for 10 percent of the total annual Medicare and Medicaid spending, or $98 billion, according to a recent report highlighted in the letter.
For example, a transnational organization launched a fake medical clinic and then proceeded to bill Medicare for some $1 million in services, according to the letter.
These wide-reaching repercussions call for an assessment of the current efforts in place to quell medical identity theft and the resources being sent to victims, the senators wrote. They have asked Slavitt and Samuels to answer several questions related to these issues by Nov. 24.
Their questions include:
- What support does HHS provide to federal, state and local law enforcement officials to aid their response to medical identity theft?
- How do OCR and CMS coordinate medical identity theft prevention and mitigation efforts?
- Does HHS believe recent data breaches at noncovered entities (ex: Office of Personnel Management) have resulted in increased medical identity theft?