This note explains the severity of medical identity theft and the state and federal legislative reactions to the problem. Specifically, the note discusses data breach notification statutes that require healthcare providers to notify consumers when the systems holding customer personal information are breached. The note concludes that Ohio’s data breach notification statute, which does not expressly cover healthcare providers, should be amended to protect residents from medical identity theft and provide redress when healthcare providers violate state law.
Note, Ohio's Aggressive Attack on Medical Identity Theft, 24 J.L. & Health 111 (2011)