"Unlike the financial services industry, health care companies lack measures to adequately prevent identity theft, even as they continue to digitize medical records and other sensitive information.
Twelve years ago, when Nikki Burton was 17, she tried to donate blood for the first time. She was denied without explanation. Perplexed, the Portland, Ore. resident called Red Cross headquarters to inquire, only to learn that her Social Security number had been used to receive treatment at a free AIDS clinic in California, rendering her ineligible to donate blood.
Years later, she wondered if, when asked whether she had any preexisting conditions, that instance of fraud might show up. So she called the Red Cross again. The organization told her that it no longer asked for Social Security numbers and she could donate blood without it. “I said, that’s fine for you guys to receive the donation, but that doesn’t solve the problem of that information existing in your system,” Burton says.