Medical information fraud rose from 3% to 7% in the United States between 2008 and 2009, according to new research that suggests a correlation between the adoption of electronic medical records and the risk of health-related identity theft.

California-based market research firm Javelin Strategy & Research found that personal information stolen from medical records, including Social Security numbers, health insurance numbers and credit card numbers, can be used in more ways and for longer periods of time than data from other types of identity theft. For example, criminals can use a patient's credit card number to make payments, while using his insurance number to purchase and resell medical equipment.

Criminals who steal information from health records tend to use it for fraudulent purposes an average of 320 days, compared to 81 days for other types of fraud, the study shows. Researchers also estimate it takes twice as long and costs twice as much to detect and deal with health information fraud as it does to deal with other types of identity theft.

Javelin Strategy & Research President James Van Dyke predicts the problem will only get worse as more healthcare providers adopt electronic medical records. "We think medical providers aren't up to the task," he told InformationWeek. "They won't have security best practices in place to match the incidents of fraud."

For tips on how to protect patients' health information, see this month's "Legal Update."

Irene Tsikitas