Doctor, doctor, I think I’ve been the victim of identity theft

I’ve been reading about the epidemic of medical identity theft in the U.S.

The literature says that sometimes it’s worth stealing someone’s identity in order to obtain medical treatment and then have it billed to the victim. But you might be interested to know what there’s an epidemic of medical theft going on in the UK as well. It’s just that here it’s doctors identities that are being stolen, not patients.

A banned doctor who stole another doctor’s identity and treated 3,000 patients has been jailed. Levon Mkhitarian, 36, of Renaissance Walk, London, pleaded guilty to fraud after he was caught impersonating a doctor while working in Ashford, Kent.
Mkhitarian, who was originally from Georgia, had been banned by the General Medical Council, but began forging documents to gain employment.

[From Banned doctor Levon Mkhitarian jailed after treating 3,000 patients – BBC News]

It’s one thing to open a bank account using a photocopy of a gas bill, but I would have assumed that hospitals employed more rigorous identification and authentication processes than banks do. So what barriers did Mr. Mkihtarian have to navigate to perpetrate his fraud? What high-tech methods did he have to circumvent to dupe the NHS? I expect he had to use a scanning electronic microscope to obtain the private key from a smart card and then crawl through a corridor criss-crossed with laser beams and then blow open a safe or… something… oh, wait…

He made up a CV, bank statements and energy bills, medical degree and training certificates.

[From Banned doctor Levon Mkhitarian jailed after treating 3,000 patients – BBC News]

So let’s get this straight then. The hospital was unable to detect the made-up CV, unable to detect the forged bank statement, unable to detect the fake utility bills, unable to determine that the medical degree was bogus and unable to validate the training certificates. In other words, to summarise, everything is broken.

Why didn’t they just use LinkedIn? If I worked at a hospital and somebody was applying for a job as a doctor with me, then the first thing I would do would be to look them up on LinkedIn. (Or maybe there’s some start-up I don’t know about that is already setting about creating LinkedIn for medical personnel in which case I’d use that instead.) But let’s just say LinkedIn for the time being. If the person applying for the job doesn’t exist on LinkedIn then I would naturally just throw the CV in the bin. I had experience of this recently in a corporate context when I was contacted by someone in the US in relation to some client business. I’d never heard of this person before and I didn’t want to waste time putting together some detailed responses to their questions (our responses having some commercial value in my judgement) so I asked them for their LinkedIn profile and was told, by the person in question, that they don’t have a LinkedIn profile because they prefer to remain private (as memory serves, I think he may have said “under the radar”). I paid no further attention.

If the person does exist on LinkedIn, then there is a resolvable chain that means that I can establish whether the credentials are real or not and in the future reputation economy I’m sure there will be a simple button I can click to do it for me and display the name in green if everything checks out, red if doesn’t.  Still, at least Mr. Mkihtarian was doctor, even if he’d been struck off. What’s much more worrying is that in the NHS you don’t actually need to be a doctor at all in order to practice medicine.

A woman has been charged with fraud after allegedly pretending to be a doctor at GP practices across the country… The 29-year-old, from Maidstone, in Kent, allegedly had no medical qualifications but was thought to have used a name and registration number with the General Medical Council belonging to a real doctor.

[From ‘Fake locum GP’ who worked in practices across Britain charged with fraud | Daily Mail Online]

Actually, I suppose most of the time that I go to the doctor I don’t really care if he or she is real or not, I just want them to give me some antibiotics or whatever. So I won’t get paranoid about this. My own personal paranoia about medical identity theft, and it’s not just because I’m English, is centred not on fake doctors but on fake dentists.

Ghulam Kibria’s sham surgery aroused suspicions after the 34-year-old started advertised on popular discount site Groupon… But Manchester Magistrates Court heard he had no dentist qualifications, used a false name and was fraudulently using the registration number of a genuine dentist.

[From Exposed: the fake dentist who ran bogus Manchester city centre practice – Manchester Evening News]

I’m staying calm. Deep breath. I guess that might be a one-off, so I’m not going to get too worked up unless… no, wait… Aaaarrrrrrghh!!

A bogus dentist with no qualifications managed to fool her employers at NHS hospitals for nine years before being discovered. Vinisha Sharma used a fake degree certificate to register with the General Dental Council (GDC) and was employed by seven different hospitals where she operated on patients under supervision.

[From Bogus NHS dentist earned £230,000 over nine years after bosses failed to spot fake qualifications | Daily Mail Online]

What? So the General Dental Council don’t even check if dentists actually really do have a degree!!! You know, there are some kinds of fraud that are more important than credit card fraud, and they are all growing. I think that in a few years from now, when ownership theft on the thingternet makes identity theft from large retailers look like a picnic in comparison, we’re going to look back with nostalgia on a time when fraud gangs only stole the banks’ money and not your house or X-rays or teeth.