Mark Twain once noted, and I paraphrase, “there are lies, damned lies, and statistics.” There is also the observation that “to lie with statistics is easy. To lie without them is easier.” What all this means is that when reporting a statistic, one also has to consider the information that makes up that stat.
Unfortunately, I only have a number, so I’m slightly loath to report this but here it goes….
According to the HIPAA Blog,
Roughly 5.8% of American adults have been victims of medical identity theft, with $20,160 being the average cost per victim.
The author of the blog picked up the figure at a lunch sponsored by Scott & Scott and Chartis.
Drawbacks to the Stat
The latest US population count lies somewhere around 307 million. Applied to that count, 5.8% translates to 17.8 million people and, at $20,160 per victim, a total cost of–wait for it–$359 billion.
That’s a mind-boggling amount of money. As a reference point, Microsoft’s combined revenues for 2005 to 2009, inclusive, are $254 billion.
Of course, for the medical ID theft, we have no reference point whatsoever: are the stats for last year? Or perhaps a combined total for the last 10 years? If so, what does the 5.8% figure really mean?
I wish some kind of supporting data had also been provided…
Would Hard Disk Encryption Make a Dent on That Figure?
Medical facilities have to comply with HIPAA/HITECH, and the use of encryption software is, for lack of a better word, actively encouraged.
I would assume that the use of encryption would curtail, or at least impact, the theft of medical information. However, there is no way to know. Consider all the ways that medical information can be stolen besides surreptitiously lifting laptops and external drives:
Internal attacks (less-than-ethical doctors, nurses, EMTs, etc.)
Lost or stolen paper documents, folders, etc.
A server hacking incident
With the exception of the last one, where file encryption or database encryption could prevent access to sensitive data, there is no way for encryption to prevent theft. Digital data encryption can’t be used on paper documents, and how can encryption stand against someone who has the required passcodes for accessing encrypted data in the first place?
On the other hand, the rate of lost or stolen computers and external data devices (such as USB devices) is high enough that encryption can’t be left on the back burner.