- The U.S. Senate Committee on Health, Education, Labor and Pensions (HELP), known for its activism on health information technology issues, is pressing government agencies for information on how they intend to support and protect victims of medical identity theft. Committee leaders cited numerous failures to preserve healthcare data integrity in the face of nearly 1,400 reported breaches that affected more than 150 million individuals over the past year.
“We are concerned that data theft will continue to rise and will result in an increase in medical identify theft,” reads a Nov. 10 letter signed by HELP Committee Chairman Lamar Alexander and Ranking Member Patty Murray — along with Senate Finance Committee Chairman Orrin Hatch. The letter was sent to Andy Slavitt, acting administrator of the Centers for Medicare and Medicaid Services (CMS), and Jocelyn Samuels, director of the Office for Civil Rights at the Department of Health and Human Services (HHS).
The senators point out that medical identity theft can have significant financial repercussions for victims, as well as possible adulteration of their medical records. In some cases, thieves can file claims in victims’ names, thereby preventing the victims from being able to access services and equipment when needed. In addition, taxpayers must help foot the bill for large losses due to theft and fraud in government programs such as Medicare. Their letter states that Senate committees are assessing the adequacy of efforts to mitigate medical identity theft and the resources being offered to victims.
Here’s a summary of what the senators want CMS and OCR to answer by Nov. 24:
1. What support does HHS provide to law enforcement officials to aid their response to medical identity theft?
2. What services does CMS offer to Medicare and Medicaid beneficiaries who suspect they are victims of medical identity theft?
3. Provide a summary of reported cases of medical identity theft and describe how the information is collected.
4. What is the effect of recent breaches on healthcare organizations in the Medicare and Medicaid programs?
5. How does HHS collect data for inclusion in its Compromised Numbers Checklist database?
6. Does HHS track the financial and medical impact of identity theft on victims? (If so, provide the information.)
7. What support or educational resources does HHS offer to help consumers and contractors protect against, identify and respond to medical identity theft?
8. How do OCR and CMS coordinate medical identity theft prevention and mitigation efforts?
9. What support does HHS provide to law enforcement officials to aid their response to medical identity theft?
10. Does HHS believe that the HIPAA Privacy Rule gives a victim of medical identity theft the right to access his or her health record if it has been corrupted with a thief’s health information.
11. What steps has CMS taken to ensure that victims of medical identity theft retain access to needed services and do not suffer undue financial burden without compromising criminal and civil prosecutions?
12. Does HHS monitor the effects of breaches at non-covered entities?
The letter’s signatories offered assistance from their respective staffs in clarifying the information requested.