Business of Well-being

The New Rules of Identity Theft Protection for Employees

Anndorie Cromar was in her thirties when Utah's child protective services called to report that her newborn daughter had tested positive for methamphetamine. And because of that, she was at risk of having the state take custody of her children. But the mother of four hadn't given birth recently to anyone. Someone had stolen her health insurance information and delivered a baby girl.


The ordeal took years to straighten out. She was never able to fully settle the hospital bill. Medical privacy regulations prohibited her from viewing her own medical records because they contained the thief's information. She had to go to court to remove her name from the baby's birth certificate. And the child continues showing up on her pharmacy records as a dependent. "To this day, I don't know if my name is in the baby's medical record," she notes. She is not alone.


Nikki Burton was 17 when she was turned away as a blood donor because the Red Cross showed her as HIV positive. Except she wasn't. Her insurance information had been stolen and used by someone else to obtain medical care. It took six years to clear that diagnosis from her medical record. The two women are victims of the fastest growing form of identity crime in America-medical identity fraud. It is perpetrated by criminals whose motives are simple: To make money.


Various estimates put the value of medical identities at 10 to 20 times that of credit card and social security numbers. For employers that take seriously the holistic wellbeing of employees, medical identity theft is an emerging, serious threat. It is growing at about 15 percent a year, and victimizes more than 2.3 million American adults annually, according to the Ponemon Institute.


The end results include disrupted lives and billions of dollars in fraudulent bills and recovery costs for victims and employers alike-an expense absorbed directly by self-insured employers. The Ponemon research highlights some of the other costs of medical identity theft, among them:

  • Personal costs exceed $5,000 for 29 percent of the victims.
  • For 41 percent of victims, it consumed more than 100 hours to remedy the problem
  • More than six months were required to resolve the problem for 86 percent of victims.

But medical identity theft also poses a serious risk to employee health. Corrupted medical records put lives at risk, as allergies, medications, and problem list no longer match one's true health profile.


Medical identity theft has rightly been called the privacy crime that can kill. When a victim's identity is used fraudulently medical records become contaminated with erroneous information such as a false diagnosis or inaccurate medical history. This, in turn, prevents practitioners from effectively treating their patients and endangers the health of the victims.


Medical identity theft is thus, above all, a quality-of-care issue. California Department of Justice Report on "Medical Identity Theft, Recommendations for the Age of Electronic Medical Records" October 2013. While medical identity fraud is the fastest growing type of identity crime, identity theft generally continues its march unabated.


Organizational data breaches, exposing thousands if not millions of records, now average more than three per day in the US. Thieves move fast to monetize stolen identities on the dark web, which has become like Amazon for stolen information. Recent reports highlight the urgency and pervasiveness of the problem:

  • In 2016, 15.4 million Americans were affected, up 18 percent from 2015, according to Javelin Research.
  • The number of US data breaches recorded in 2016 set an all time high of 1,093-a 40 percent increase from 2015, notes an authoritative Data Breach Report by ITRC.

The graphic depiction below illustrates the relentless growth of identity theft-and these are merely the best-known breaches.

The question is no longer "if" employees or members will fall victim to identity theft; rather, it's when and how often. These are the new "rules" of identity crime. And the old rules of identity protection no longer suffice. So what are the new rules of identity protection? In the September 2015 issue of the journal Strategic Finance, a team of academic researchers noted that three to five percent of healthcare spending goes toward fraud and that as much as 21 percent of billing may be fraudulent.


The researchers called for a new model, in which insurers create an information loop with members who receive care, enabling members to review claims from their health providers prior to payment.[i] That model informs the next generation of identity protection. For an employer to fully protect its employees, health insurance information will require the same attention and care that financial institutions have offered to their credit card customers.


The next generation of identity protection will include monitoring not only of credit inquiries and accounts, but medical transactions, dark websites, and much more. In summary, identity theft - including medical identity theft - is a pervasive and growing problem facing employees everywhere - and thus facing employers.


With the growing pervasiveness of identity fraud, it's little wonder that employees and their families now see identity protection as a valued benefit. As forecast by Willis Towers Watson, identity protection is emerging as a rapid growth area within employee benefits, and adoption is expected to reach 70 percent of employers by 2018.


Those employers, along with state and federal policymakers, are increasingly recognizing that criminals engaged in identity fraud are now operating by an entirely new set of rules and that solutions from the past decade do not offer adequate protection for the coming decade's problems.

About the Author

Kevin Renner is Director of Market Development for ID Experts, the largest provider of identity protection to the US government. He received his MBA from the University of California at Berkeley. He has been instrumental in developing and commercializing ID Experts' patented Medical Identity Alert System, known as MIDAS, an integral part of the company's MyIDCare identity protection for employers and employees.[i] James Byrd, Ph.D.; Douglas Smith, Ph.D.; Marily Helms, DBA. Strategic Finance, Sept. 2, 2015

For more information about how to help your employees protect themselves from identity theft, don't miss Kevin's session, How the Growing Threat from Medical Identity Fraud Puts Your Employees & Company At Risk-And What You Can Do About It only at the 9th Annual Employer Healthcare & Benefits Congress, October 2 - 4 in Los Angeles.

Learn about how you can become a Certified Corporate Wellness Specialist→