High-profile cases of multiple identity theft aren't only problems for firms such as Citibank, Bank of America and Lexis Nexis - hospitals are vulnerable, too, as demonstrated by a recent crime in the suburbs of Washington, D.C. The AHA urges its members to review their privacy policies and procedures for protecting patients' personal information.

In the Northern Virginia incident, a hospital employee was arrested for allegedly stealing personal information from 35 patients and seven nurses and using that information to open fraudulent credit card accounts. The employee has been charged with conspiring to commit identity theft and violations of the Health Insurance Portability and Accountability Act's privacy provision on disclosing medical information.

Appearing on the July 22 Fox Morning News Show in Washington, Rick Wade, AHA senior vice president for strategic communications, noted that the ID theft at the hospital was an isolated incident, and that hospitals have strict policies and procedures to protect such patients' personal information. Nonetheless, the incident shows hospitals are vulnerable, and Wade urged "all hospitals to review their privacy policies and procedures and close any gaps they may have in their procedures to ensure this doesn't happen again."

He suggested hospitals also advise patients to minimize the amount of personal information they bring to the hospital; encourage themto talk to the hospital privacy officer about any privacy concerns; and to contact authorities to report any suspicious behavior.