Lola Butcher

I enjoyed speaking with Robert Siciliano, chief executive officer of IDtheftsecurity.com, about the issue of medical identify theft.

Mr. Siciliano will speak at the upcoming World Healthcare Innovation and Technology Congress later this year.

Butcher: Information technology is in the process of transforming healthcare delivery. Patients are telling physicians about their symptoms over e-mail and checking their lab tests on line, to give just a couple of examples. What security issues should hospitals and physicians be thinking about?

Siciliano: First, it does start with your information technology administrators. They are responsible to protect you from the outside–from criminal hackers– and from the inside, if you happen to have a bad seed working within your organization. So, it all starts with the IT administrators. The physicians themselves, and the employees at all levels,  need to understand what their responsibilities are regarding safety or security and privacy policies, and those policies must be enforced at all times.

Butcher: If a patient’s personal healthcare information does end up being stolen from a hospital’s computer system, what happens? What is the hospital’s liability?

Siciliano: Over the past few years, there have been some major, major breaches of personal information at the government level, corporations, associations, healthcare, insurance companies - you name it. Just about every industry has been affected by a data breach at one level or another.

And as a result of this, state to state, they have passed data breach notification laws, which require corporations–entities whose information has been compromised–to disclose  that breach and to make sure that they notify those who have been affected by that breach, so that those people can then go out and take the necessary steps in getting protection, in getting some type of insurance, or credit monitoring, whatever the case may be, so that their identity is not further damaged as a result of that breach.

Unfortunately, criminal hackers have changed the motivation significantly over the past few years, and they are really targeting everyone. I mean, nobody is immune.

Butcher: It seems to me that protecting against identity theft ultimately is the individual’s responsibility. Do you see this changing in the future, and if so, how?

Siciliano: Unfortunately, it is absolutely the individual’s responsibility. While the organization may be responsible for doing their part to keep that data safe and secure, ultimately, if it is compromised, it is in the personal identifying information, including name, address, and especially social security number, that individuals are ultimately responsible for self-protection.

Responsibilities do boil down to managing your own personal information, and ultimately making sure that, even if they do get that data, that there’s not a whole lot they can do with it.

Butcher: What should health care executives know about medical identify theft?

Siciliano: First, I think it’s very important that everybody understand the extent of the problem, that the issue of  medical identity theft is becoming an ever bigger problem.

Identity thieves have been working at this for as much as 20 years now, and they’ve figured out just about every single way to compromise our information, and then turn that data into cash.

Over the past few years, they’ve shifted just a little bit and they’re paying even closer attention to our medical information. And throughout the country, I’m seeing more and more reports where you have people checking into hospitals, into clinics, and so forth, and they are posing as the individual who owns this particular social security number and/or insurance policy, and they’re either getting medical treatments under that person’s insurance, or they’re getting pharmaceuticals, prescription drugs, under that person’s medical insurance.

I had the chance to interview Dr. Paul Ginsburg, president of the Center for Studying Health System Change, as a preview to his presentation at the World Congress on Consumer Healthcare and Wellness in mid-September.

Dr. Ginsburg is an economist, nationally recognized for his work in health economics and health policy, especially healthcare market changes and cost trends. He will participate in a panel that addresses something everyone in health care is wondering about:  Will Consumers Be Effective Catalysts to Reform the U.S. Health System?

Butcher: You just released a study that says 56 percent of American adults - that’s more than 122 million people - sought information about a personal health concern from a source other than their doctor during 2007. Does this suggest that Americans are becoming more active participants in their healthcare decision making?

Ginsburg: Oh, yes, they certainly are. American’s interest in their health has increased a great deal, say, over the past decade. We just know how much more space newspapers and television is devoting to personal healthcare issues, and of course we have a lot of development on the internet as far as sites that people can go to seek this information.

Butcher:  Many health plans have developed consumer support tools - speaking of the internet - such as online information about hospital and physician quality, and calculators that help plan members estimate the cost of care. Are consumers using these tools, and if so, how are they using them?

Ginsburg: Well, I’ve spoken to the plans, and the plans are all eagerly developing these tools. So when you ask them, Are consumers using them? They don’t know.

My sense is that this is clearly the direction long-term where plans will play an increasingly valuable role as an information intermediary. But I think we’re at the very early stages of it, and I doubt that there’s a lot of use. I doubt that consumers are depending on it.

One of the chicken-and-the-egg problems is that I don’t think consumers are going to be very receptive to using price information until they have more confidence in understanding the quality of different providers… Consumers can actually act perversely in the sense of not having confidence in the quality information, and equating higher price with higher quality, and thus shifting to higher priced providers, even if they actually reduce their quality of care in the process.

Butcher:  Is America’s healthcare system organized in a way that allows consumers to be effective shoppers for healthcare services? And does the healthcare marketplace respond to consumer behavior in the same way that the retail marketplace works?

Ginsburg: No, the healthcare system is very far from accommodating consumer desires, to the degree they have them, of being effective shoppers. For most cases,  medical care isn’t standardized enough that you can just call up places and, knowing what you need,  find out what the price is and the indicators of quality. Because so much of health care involves diagnosis, checking into what something is going to cost (and learning about) a provider (requires the patient) to invest a lot of time and money to make that call.

If you go to the dentist, if you need an inlay put in, a dentist won’t give you that over the phone because they’re going to say it all depends on the details of your condition. So, you’re going to have to invest the time and money of visiting a dentist to get an estimate.

So, I don’t think the healthcare consumer will ever be able to be as good a shopper as in other areas.