AusCERT 2012: Lack of security aiding medical fraud, identity theft

AusCERT 2012: Lack of security aiding medical fraud, identity theft

Medicare cards have no identifiers while prescription slips can be easily forged, says Queensland Health investigations officer

Queensland Health Drugs of Dependence Unit investigations officer. Rebecca Thompson.

Queensland Health Drugs of Dependence Unit investigations officer. Rebecca Thompson.

Queensland Health Drugs of Dependence Unit (DDU) investigations officer, Rebecca Thompson, has highlighted security flaws within the Australian health system, such as the lack of a photo or PIN on Medicare cards, which is allowing drug addicts to potentially use lost or stolen cards to obtain powerful prescription drugs.

Thompson, speaking at the AusCERT security conference on the Gold Coast, told delegates that Medicare cards do not currently have unique identifiers such as a photo, signature or PIN meaning that potentially anyone could present the card to a pharmacist.

“You just have a green piece of plastic with some names embossed on it. If the card was lost or stolen would you know if your medical identity had been compromised?,” she said.

“The sheer number of people who don’t report theft of their Medicare card is astounding, they don’t see the card as having any value but it’s another form of identity.”

Thompson, whose unit receives a copy of every prescription for controlled drugs dispensed via community pharmacies in Queensland, also gathers information on registered drug addicts who have been part of the state’s methadone program.

Adding to the Medicare card theft problem for Queensland Health DDU was theft of prescription pads from doctors by addicts who forged signatures to obtain drugs such as morphine and the legal practice of “doctor shopping” where patients could visit different doctors and obtain multiple prescriptions which would then be processed at different pharmacies.

This alert would not be picked up until the unit had received the prescription details which Thompson said could sometimes take weeks.

She added that another issue which was helping addicts obtain prescriptions without detection was the national, rather than state, registration of doctors.

“In the past, doctors had to be registered in the state that they practiced which meant any prescription that they wrote could only be dispensed in that state," Thompson said. "However, under national registration, a doctor can write a prescription in Brisbane and the patient might travel to Perth and get the script dispensed.

“There is no continuity of data being tracked between the states to monitor who has had what [drugs], when, and how much.”

Thompson said some addicts preferred medical opiates such as pethidine because they were in a pure form--unlike drugs purchased on the street which were often cut with other ingredients--and could be easily obtained.

“The person just has to go to their doctor, tell them they’ve got a bad back because they’ve done some Googling on the condition and can define the symptoms, and they’re most likely to get some opiate prescription for the `pain’,” she said.

However, addicts were in danger of collapsed veins because the prescription drugs were usually ground up and injected, a form of ingestion they were not designed for.

In addition, addicts were turning to the practice of what is sometimes referred to as `fossil farming’ where a person would take an elderly relative to doctors in order to use the relative’s illness to gain access to certain drugs.

“Quite often that means the elderly person is not getting the treatment that they need,” she said.

Thompson said she would like to see unique identifiers on Medicare cards and a state by state co-ordinated approach to electronic prescription record keeping to try and crack down on addicts obtaining multiple prescriptions.

“I see cases of medical identity and fraud all the time and the problem is getting worse,” she said.

Hamish Barwick travelled to AusCERT 2012 as a guest of AusCERT

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CERT AustraliaQueensland Health

Show Comments