Six Criteria to Help Your Organization Avoid Medical Identity Theft

Post Date: 12/10/2014
feature image

I recently wrote an article for MedCity News discussing how organizations can help prevent medical identity fraud for their patients or customers.

Medical fraud can occur in a number of ways – including medical personnel billing a health plan for fake or inflated treatment claims, falsifying information to obtain prescription drugs, and using another individual’s information to obtain free medical care. Often, these crimes are committed through illegal purchase of Personal Identifiable Information (PII) or by unethical actions from healthcare providers. Whether accidental or purposeful, healthcare fraud leads to loss of trust in providers, hefty fines, and loss of licenses.

Medical identity theft is perhaps the most frightening of all forms of identity theft, although not the most widely discussed. It occurs when someone uses a person’s name or other parts of their identity –  such as insurance information – without the person’s knowledge to obtain medical services or goods. While the intention is to obtain medications, prescriptions, or to falsely bill insurance providers, the risk to the victim may be quite serious – including inappropriate and improper medical treatment. While this is a critically important issue, little research about it has been done.

In the article, I introduce six functionalities health insurance and medical services organizations should look for when implementing a new Health Information Technology (HIT) system in order to avoid medical identity theft. They include:

  • Discover data across multiple information gateways in your enterprise in order to shed light on dark data and other potential sources of risk. Sensitive information may not be obvious at first glance but can open up an organization to an array of issues if leaked.
  • Scan content in motion or at rest against out-of-the-box or customized checks for a wide range of privacy, information assurance, operational security, sensitive security information, and accessibility requirements. Organizations require different levels of security based on regulations, subject matter, and size. Be sure to select a technology with a solid framework that can be customized based on your needs.
  • Drive enterprise classification and taxonomy with user-assisted and automated classification for all content.
  • Take corrective action automatically to secure, delete, move, quarantine, encrypt, or redact risk defined content. These automated actions can reduce costs by eliminating the need for additional resources to continuously monitor information security initiatives.
  • Enhance incident tracking and management with an integrated incident management system in addition to trend reports and historical analysis to measure your organization’s improvements over time.
  • Monitor data and systems on an ongoing basis to demonstrate and report on conformance across your enterprise wide information gateways and systems.

To read more about how reduce the risk of medical identity fraud, please visit MedCity News.

Learn how we can help you create a culture of transparency, action, and trust for your organization by visiting our website today


Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: Twitter:

View all posts by Dana S.
Share this blog

Subscribe to our blog