Patient identity mix-ups can be disastrous, according to both common sense and statistics.

A new report by the ECRI Institute, a nonprofit dedicated to improving patient care, revealed more than 7,600 cases of “wrong-patient” errors over a two-and-a-half-year period.

In one instance, a patient died while undergoing cardiac arrest because the medical providers thought he had a do-not-resuscitate order. Another died after having the wrong surgery.

The study focused on mistakes made by healthcare providers, but there’s another way you can be hurt by having the wrong information in your file: medical identity theft. And regulations intended to protect consumers in other areas of identity theft are actually part of this problem.

After a healthcare data breach, if someone uses stolen information to fraudulently receive care in your name, your lifetime medical records become contaminated with incorrect information. That can later lead to a misdiagnosis based on a condition you don’t have, a prescription mistake with a medication to which you’re allergic, and other dangerous or inappropriate medical treatment.

Virtually all data breaches put consumers at risk for some version of identity theft, but breaches involving medical identity information can truly put your life or health at risk.

Healthcare organizations know they’re vulnerable, particularly the insurers.

The Medical Identity Fraud Alliance recently did an informal survey of health plans. They found health plans have an average of just one fraud investigator for every 192,000 plan members. These plans reported spending a total of 52 cents per year per member fighting fraud.

Health insurance executives say their hands are tied by the Medical Loss Ratio (MLR) regulatory requirement that they spend at least 80 or 85 percent of customer premiums on claims or quality improvement initiatives. If they come in below that amount, they must issue rebates to their enrollees.

Overall, this seems like a reasonable requirement. The problem is that security measures to protect data or fight fraud are considered administrative expenses and not quality of care improvements. Insurers are effectively barred from spending beyond a certain amount on protections for their customers’ medical identities, protections that could potentially save their lives.

The Medical Loss Ratio rules come from a good place. They were intended to improve transparency and ensure customers got the full value of their premium dollars.

Unfortunately, in this one small but important way, they’re hurting the very people they’re intended to protect.

Click here to read the full op ed piece.

October 6, 2016 By Bob Gregg, ID Experts