New Security Survey Finds Nearly One-Third of Healthcare Organizations Had At Least One Known Case of Medical Identity Theft

By Thomas Ahearn, ESR News Blog

A new survey released in November on security at healthcare organizations has revealed that nearly one-third of respondents said their healthcare organization had at least one known case of medical identity theft, and that some cases the medical identity theft may never be reported.

According to the 3rd Annual Healthcare Information and Management Systems Society (HIMSS) Security Survey, sponsored by Intel, while approximately two-thirds of respondents reported that their healthcare organization had policies and procedures in place addressing security breaches, almost one-third of respondents (31 percent) reported that their healthcare organization had at least one known case of medical identity theft.

Overall, the HIMSS Survey – which interviewed 272 Information Technology (IT) and security professionals at hospitals and medical practices – found that medical practices lagged behind hospitals in nearly every measure of healthcare IT implementation and security. For example:

  • Only 17 percent of respondents working for a medical practice were likely to report a security breach such as medical identity theft at their healthcare organization compared to 38 percent of respondents working for a hospital organization.
  • One-third of medical practices reported they did not conduct a risk analysis.

For the survey, ‘medical identity theft’ was identified as “the use of an individual’s identity-specific information such as name, date of birth, social security number, insurance information, etc. without the individuals’ knowledge or consent to obtain medical services or goods. It may also extend to cases where an individual’s beneficiary information is used to submit false claims in such a manner that an individual’s medical record or insurance standing is corrupted, potentially impacting patient care.”

The 3rd Annual HIMSS Security Survey, sponsored by Intel and supported by the Medical Group Management Association (MGMA), reports the opinions of IT and security professionals from U.S. healthcare provider organizations on issues surrounding the tools and policies in place to secure electronic patient data at healthcare organizations from security breaches such as medical identity theft.

For more information about identity theft, read the Employment Screening Resources (ESR) News Blog stories tagged ‘identity theft’ at

Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. ESR is recognized as Background Screening Credentialing Council (BSCC) Accredited by the National Association of Professional Background Screeners (NAPBS®) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information about Employment Screening Resources, visit