Ohio's "Aggressive" Attack on Medical Identity Theft

By Ball, Stanley C. | Journal of Law and Health, Spring 2011 | Go to article overview

Ohio's "Aggressive" Attack on Medical Identity Theft


Ball, Stanley C., Journal of Law and Health


  I. INTRODUCTION
 II. DATA BREACH, IDENTITY THEFT, AND MEDICAL IDENTITY
     THEFT
     A. Data Breach
     B. Identity Theft
     C. Medical Identity Theft
III. FEDERAL LEGISLATION TO PREVENT MEDICAL IDENTITY
     THEFT
     A. HIPAA
     B. The HITECH Act A mends HIPAA
     C. Federal Preemption of State Laws
 IV. OHIO'S DATA BREACH LAW DOES NOT COVER HIPAA
     COVERED ENTITLES
  V. OHIO SHOULD AMEND ITS DATA BREACH NOTIFICATION
     LAW
     A. Ohio's Data Breach Notification Law Should
        Apply to HIPAA Covered Entities
     B. Ohio's Data Breach Notification Law Should Have an
        Acquisition-Based Trigger
     C. Ohio's Data Breach Notification Law Should Require
        Healthcare Providers to Destroy or Encrypt Discarded
        Medical Records
     D. Ohio's Data Breach Notification Law Should Be
        Amended to Give Residents a Method of Recovering
        Monetary Awards Against Covered Entities That
        Violate Ohio's Law
 VI. CONCLUSION

I. INTRODUCTION

We all think we are the foremost authority when it comes to our personal health. We are consciously selective in what we tell our doctors, we confidently use WedMD.com to self-diagnose illnesses, and we even think we are savvy enough to make the medical determination of whether we should receive a flu shot each fall. We feel assured knowing that no one knows or can alter our medical identity without our consent or at least our knowledge. But what if someone can?

In 2009, Brandon Sharp, a 37-year-old manager at an oil and gas company in Houston, Texas, (1) was creating his version of the American dream. He was about to get married, buy his first home, and was in perfect physical condition. (2) Before applying for a mortgage, Mr. Sharp requested a copy of his credit report. (3) Much to his chagrin, his credit report revealed several collection notices under his name for emergency room visits throughout the country and a $19,000 bill for a life flight service. (4)

Mr. Sharp, like an increasing number of Americans, had fallen victim to a crime known as medical identity theft. The crime, defined as the theft or unauthorized use of another's personal information to obtain medical goods and services, (5) is dangerous because it alters the victim's medical identity without the victim's knowledge and may never be detected. (6) Additionally, because there is no national centralized repository for medical records, every time a thief uses the victim's medical identity, a record is created that could be easily mistaken for the victim's medical record. (7)

This note explains the severity of medical identity theft and the state and federal legislative reactions to the problem. Specifically, the note discusses data breach notification statutes that require healthcare providers to notify consumers when the systems holding customer personal information are breached. (8) The note concludes that Ohio's data breach notification statute, which does not expressly cover healthcare providers, (9) should be amended to protect residents from medical identity theft and provide redress when healthcare providers (10) violate state law.

Section II of this note describes the nationwide problem of medical identity theft. It begins with an overview of data breach and general identity theft. The section then explains the difference between general identity theft and medical identity theft, and why the latter is more harmful to the victim.

Section III illustrates the federal legislative response to data breaches in the healthcare industry. The section also explains how all healthcare providers are subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (hereinafter "HIPAA"). The section explains the Act's 2009 amendments, known as the Health Information Technology for Economic and Clinical Act. Lastly, the third section illustrates the interaction between state and federal law, and how federal legislation allows for state regulations regarding data breaches. …

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Ohio's "Aggressive" Attack on Medical Identity Theft
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.