Electronic Medical Records and Identity Theft

The truth about electronic medical records and identity theft

If you’ve ever seen the movie The Social Network, you may have been amazed by the hackathon scene. If you are not familiar, a bunch of eager job-seeking computer programmers were challenged to hack into a secure web server in 10 minutes or less. If they were able to hack into an unauthorized computer system in a short period of time, they would get the job at Facebook.

While it’s all fun and games in the movies, hacking into a computer system is not the same in real life. There are identity thieves trolling the Internet looking for a way to get access to personal information. There used to be a high rate of financial identity thieves, but now hackers are getting smarter and turning to the medical industry to steal identities.

Why are identity thieves turning to the medical industry?

According to a report released from Ponemon Institute, medical identity theft is a $30 billion dollar a year industry. In fact, details from the same report revealed that over 1.8 million people in the U.S. were victims of medical fraud in 2013.

It makes you wonder why stealing an individual’s medical identity is so prevalent in today’s society. The simple answer is: getting access to patient’s electronic medical records is more valuable than obtaining credit information. But, why?

Simply put, when a hacker gets access to a person’s medical records he will be able to access a myriad of information that includes the name, social security number, insurance plans and a plethora of other sensitive information. With this information, a medical identity thief can create fake identification cards and use the victim’s information to obtain the following:

  • Prescription drugs
  • Medical equipment
  • Surgery
  • Create false insurance claims
  • Financial Fraud
  • Subsidized medical care


If hackers can get into electronic medical records so easily why are most healthcare institutions using them?

Whenever a person goes to the doctor’s office, fills a prescription or provides information to a healthcare provider, the information is stored in the provider’s database. Unlike financial information, where it is stored by credit bureaus, medical records and patient related information is spread across each medical facility visited. This makes it difficult for healthcare providers to communicate with people involved with the patient information. Electronic health records will typically have a patient’s full medical history which includes:

  • Symptoms
  • Allergies
  • Lab results
  • Diagnostic test results
  • Immunizations
  • Diagnosis

By having a streamlined system, electronic health records can provide organized systems, efficient service, reduce the amount of human error, enhance patient security and improve the quality of care.

This begs the question: If electronic medical records are the “holy grail” of improved patient care, why are hackers able to get easy access to them? The truth is: most healthcare professionals and hospitals simply don’t invest in cyber security. Some healthcare professionals have systems that are over a decade old. What would you rather invest in; a new X-ray machine that saves lives or a cyber-security system that prevents hackers? There are some healthcare professionals who believe in upgrading their security systems; however, when they improve and invest in security systems, they often face certain challenges such as:


  • Inefficient security systems
  • Poor implementation of security systems
  • Invest in the wrong systems for their needs
  • Improper training of staff
  • Poor planning
  • Usability issues


The Affordable Care Act actually made it a requirement for healthcare professionals and hospitals to switch over to electronic health records. They hoped that the transition would reduce the amount of paperwork, reduce costs, decrease human error, and improve care. When electronic health records are used correctly and handled by a well-trained medical staff, they can provide a sense of relief for hospitals and medical practices. However, the system is just as important as the medical professionals who handle it. Therefore, when it comes to investing in an electronic health records system, you want to ensure that you are investing in a system that complies with HIPAA guidelines. These guidelines include making sure your electronic medical records have the following:

  • Access control with unique user IDs, passwords, and PIN numbers
  • Encryption and decryption of stored information
  • Audit trail/logs
  • Emergency access procedures


Can medical fraud be stopped?

While it’s virtually impossible to eliminate medical fraud, it is possible to reduce the risk of your medical records being stolen. The key is to provide enhanced medical data protection, strong authentication, and data encryption. The way you can do this is hire a document management company that can handle all of your electronic medical record needs.


If you would like to know more about how we can help you implement and manage your electronic medical records, give us a call today and request a free consultation!



Source: http://www.ponemon.org/blog/2013-survey-on-medical-identity-theft




What We Do

SIS NW, Inc. is focused on providing cost saving solutions for eliminating paper in your business and automating paper intensive processes. SIS NW, Inc. provides services to all types of industries, with a strong emphasis on health care solutions.

We can help you find that competitive edge that allows you to operate leaner and faster while providing better service to your customers by having information instantly available.

Contact us today for a free consultation to help you identify your paper pain points.



2701 NW Vaughn St #148
Portland, OR 97210
P: 503-715-0299
F: 503-715-0302


2414 SW Andover St #E140
Seattle, WA 98106
P: 206-686-2810
F: 206-686-2840

Email Signup

The SIS NW Continuum provides us with a mechanism to pass along helpful information and educational materials as well as information about events you might be interested in.

  • This field is for validation purposes and should be left unchanged.