Medical Identity Theft: Discussion – What’s Next? Going Forward From Here

Report home | Read the report (PDF) | Previous section | Next section


The Necessity of a Comprehensive Risk Assessment

Risk management and anti-fraud experts have not been visibly included as stakeholders in the NHIN process. Robert Charette is the chair of the ISO/IEEE Standard on systems and software engineering risk management, and is the president of a company that specializes in enterprise risk management. As an expert who understands the risk of the proposed NHIN, he wrote a thoughtful commentary expressing his frustration with the lack of a clear, systemic planning effort or vision for finding, anticipating, and mitigating risks in electronic health care systems.

“What disturbs me most is that I don’t see any comprehensive risk management plan for this effort, nor do I see much in the way of a desire to define one. As anyone who has been involved in large-scale endeavors, managing the risks involved from a total enterprise perspective is absolutely vital to achieving success. If the NHIN is so critical to the nation, if it will radically transform health care in this country, shouldn’t there be at least some systemic risk management plan with the risks defined, prioritized and where possible, mitigated?

Since new systems always introduce unexpected problems, such potentially perverse consequences also need to be part of such a plan. … for example. What could happen if a large number of poorly implemented EHR systems get interconnected?” [128]

Charette is correct on this point. Going further, it is reasonable to say that there has been a lot of sales pitches for the NHIN and electronic health records, but there have not been reality checks such as those Charette is wisely bringing forward.


Legitimate Drug Trials and Medical Researchers Need to Differentiate Themselves From Fraudsters

It is likely to become increasingly difficult for the estimated 2 million patients who participate in medical research to discern what is a medical identity theft scam and what is a legitimate drug trial or medical research opportunity. An Associated Press article described how the recruitment of clinical test volunteers now includes glossy advertising techniques and old-fashioned in-person recruiting techniques:

“A visit to Las Vegas with her husband to attend his funeral director convention led her to an Alzheimer’s information booth. Becker, 68, of Struthers in northeast Ohio, is now among the approximately 2.3 million Americans who participate annually in medical testing. …Recruiting test volunteers isn’t left to chance. There’s a growing array of outreach programs, including focused advertising, glossy brochures and a renewed emphasis on basics such as a high-visibility recruiting table of the kind that caught Mrs. Becker’s attention. Hospitals also look for participants among their visitors and at stores and retirement parties.” [129]

Byron Hollis of the of Blue Cross /Blue Shield described in a magazine interview how “Fraudsters, posing as nurses, go door-to-door looking for seniors who need health-care. Instead they collect Medicare and Medicaid numbers and bill the government for services they never provide.” [130]

Medical identity theft scams are also online. World Privacy Forum researchers located the following ad in an online Brooklyn, New York classifieds ads:

Free medical exams! Please bring with you: • NYS or Federal Picture ID and Social Security Card • 3 letters of reference with name and phone number • Original HHA/PCA Certificate (if you have one) • Proof of address (bill or lease in your name. If you do not have a bill or lease in your name you must write a letter stating who you live with, notarize the letter, and bring that persons bill or lease) • Recent Medical Examination results including PPD, Physical, Rubella and Rubeola. If you do not have a medical examination we will provide one at NO COST to you.” [131]

It is possible that this ad was not for a medical identity theft scam. But the ad does have certain medical identity theft flags, including the offer of a free medical exam, and an overt request for a great deal of personally identifying information. Blue Cross /Blue Shield specifically warns its beneficiaries about these kinds of scams. The BCBS web site advises consumers to “ Be cautious of free medical exams, co-payment waivers, or advertisements stating “covered by insurance.” [132]


Further Study: Getting a Grasp of the Size, Scope, Incidence of This Problem is Crucial

Currently, sharp, clear numerators for medical identity theft do not exist. There is too much that is not known because it has not been studied. In order to develop adequate and effective prevention and detection of this crime, its incidence, prevalence, and so forth will need to be quantified.

Currently, some providers are checking a passport or drivers’ license at points of entry to the healthcare system, such as at doctor’s offices and hospital emergency rooms. This will catch the most desperate and least professional thieves, but it will do nothing about the fraud that occurs because a crime ring has stolen a dozen doctors’ identities, hundreds of identities belonging to the doctors’ patient rosters, and is systematically billing and changing medical files without ever stepping foot in the health care provider’s office or seeing a single patient.






[128] Robert Charette, “What Happened to Do No Harm?” 1 April 2006. CIO Magazine..

[129] Thomas J. Sheeran, “Volunteers sought to aid medical studies.” April 7, 2006. Associated Press.

[130] Fraud Magazine, Association of Certified Fraud Examiners. March/April 2006. “Health-care fraud drains lifeblood from patients, system. Interview with Byron Hollis, Esq., CFE, AFHI, National Anti-Fraud Director of Blue Cross Blue Shield Association.”

[131] Found at

[132] <>



Roadmap: Medical Identity Theft – The Information Crime that Can Kill You: Part II Discussion – What’s Next? Going Forward From Here


Report home | Read the report (PDF) | Previous section | Next section