Diagnosis: Identity theft

When Ryan tried to correct his records, he discovered how difficult it can be for victims to clear their names. The hospital wouldn't let him see his own medical records when they determined that the signature on the driver's license Ryan handed them didn't match the signature that the perpetrator had used when he checked in.

"They said I couldn't be Joe Ryan," he recalls. Though the hospital eventually absorbed the loss, Ryan says he hasn't been able to erase the supposedly unpaid debt from his credit record. With his credit ruined, Ryan says, he had to pay a stiff interest rate -- 6 points over the prime rate -- when he refinanced his plane, and his insurance company jacked up his premium.

"It has been like a glacier moving over me," he says. "I'm just screwed because I'm going to lose my airplane, my business and my credit rating."

In other instances, the thief can be a patient's own doctor. Debra Herritt discovered that after she and her husband began seeing a Boston psychiatrist, Richard P. Skodnek, in the 1990s. After two years of therapy, Herritt began receiving statements from her insurer, Blue Cross & Blue Shield Association of Massachusetts, showing that Skodnek had billed Blue Cross for sessions the Herritts had already covered. What's more, Herritt learned that Skodnek had also billed her son and daughter for psychiatric sessions that Debra says never occurred. "My children had never laid eyes on him," she says.

Fortunately for Herritt, federal investigators were already on Skodnek's trail for defrauding other patients, and in 1996 the psychiatrist was convicted on 136 counts. Even then, Herritt says she spent the next couple of years trying to convince Blue Cross that her children had never been treated for depression.

"It was an incredible invasion of their lives," Herritt says now. "I just pray this doesn't come back to haunt them somewhere down the road."

'You'd be astonished'

Law-enforcement authorities complain that many health-care facilities do too little to protect their patient data. Case in point: In 2006, federal authorities arrested a scheduling clerk at the Cleveland Clinic's Weston, Fla., hospital who allegedly had passed on the personal identification information of more than 1,100 patients to her cousin -- who in turn submitted $2.8 million in false claims to Medicare.

"Hospitals have done a poor job of implementing security procedures on their computer systems," one federal investigator says. "You'd be astonished how many people have access to your medical records."

Cleveland Clinic officials say they notified law-enforcement officials when fraud was detected and that they've since conducted an internal risk assessment to prevent such a problem in the future.

In their defense, health-care executives say they've taken steps in recent years to deter identity thieves. Some hospitals, for instance, have begun reprogramming their computer systems to restrict staffers from accessing any patient data beyond what they need to do their jobs. Some have instituted procedures to ensure patients are who they claim to be.

Among them is the University of Connecticut Health Center in Farmington. After one patient impersonating a distant relative gained admittance and ran up more than $76,000 in bills in his cousin's name, hospital administrators began requiring anyone seeking treatment to produce picture identification.

"We've since had instances where patients say, 'I left my ID in the car,' then leave and never return," says Marie Whalen, the center's assistant vice president for ambulatory services. I 2007, Whalen says, the center began scanning these picture IDs into their files to help staffers confirm each patient's identity on subsequent visits.

"Most people are fine with that," she says. Indeed, it may be a small price to pay to avoid ID theft.

< previous |  1 | 2 |