I was thumbing through some library magazines recently, and came across a facinating article in Good Housekeeping. Medical identity theft is still a very rare crime compared with all the other id theft problems, but apparently it’s growing at an alarming rate. The article is full of horror stories, including a pregnant meth addict who stole a drivers license and used it for id at the hospital when she delivered a premature baby (with the id theft victim having to defend her own parenting abilities from officials who wanted to take her children away from her after meth was found in the new baby’s blood).
Even after the victim convinced the officials that she was not the woman who had recently abandoned a baby in a hospital, she had to deal with the medical record nightmare that ensued. Her records now included the perpetrator’s medical history mixed in with her own accurate records. And the hospital wouldn’t let her see her own records for fear of compromising the privacy of the woman who stole her id, since that woman’s records were in the file too. What a mess.
There’s also a mention of a medical office worker who copied files of 1100 patients and sold them to her cousin, who ran a nearby medical office. The cousin then billed the insurance companies of those patients for all sorts of tests and procedures, raking in millions of dollars and filling the victims’ medical records with false information.
Perhaps the most shocking part of the article was the mention that over a third of Fortune 500 companies use medical records in hiring decisions. My first reaction was to question the legality of this practice. Interestingly enough, this is often the reaction we get when we tell a client that she cannot get individual health insurance in Colorado if she is currently pregnant or has a serious pre-existing condition. So I went searching online and within minutes I found pages and pages of references to a study done by David Linowes, former chair of the Presidents Commission on Privatization and the U.S. Privacy Protection Commission. The study found that 35% of the Fortune 500 companies surveyed indicated that they use “personal medical information as a basis for hiring, promotion, and firing decisions.” So I guess my idea of what’s legal in this regard is a little off base.
With the legality issue out of the way, what about the ethical issues involved? Should a company be able to look at medical records for employees or potential employees? That’s a tough one. If the company is paying for health insurance and sick leave for its employees, it certainly seems fair to allow them to choose employees who take basic steps towards a healthy lifestyle. Smoking is a good example, and companies should absolutely be able to determine whether a prospective hire is a tobacco user or not (and choose not to hire those who use tobacco if they feel that is in the best interest of their company). But what about a person who has MS or hemophilia or Type I diabetes? Something that creates large medical bills but was not self-inflicted by the potential employee? Should a company be allowed to see these sorts of things in medical records, and use this information as a basis for personnel decisions? I don’t think so. This issue is especially sensitive in light of the medical id theft issues, since a victim of this type of crime may have all sorts of erroneous data in his medical records and be unaware of the problem.
I guess this means that in addition to checking our credit reports periodically, we should also be requesting our medical records and making sure that the information in them is accurate. One more chore to add to the list of things we have to do to protect our most basic assets – our names.