RT Journal Article
SR Electronic
T1 Expanding Risks: Medicaid Expansion and Data Security
JF medRxiv
FD Cold Spring Harbor Laboratory Press
SP 2024.06.30.24309745
DO 10.1101/2024.06.30.24309745
A1 Clement, Jeffrey
A1 Greenwood, Brad N
A1 D’Arcy, John
A1 Angst, Corey
YR 2024
UL http://medrxiv.org/content/early/2024/07/01/2024.06.30.24309745.abstract
AB The Patient Protection and Affordable Care Act of 2010 led to the largest expansion of healthcare coverage since the instantiation of Medicare and Medicaid in 1965. Yet, limited attention has been given to the security aftereffects of the statute, specifically the potential for malfeasance in the form of consumer fraud and identity theft resulting from the vast influx of new patient data residing in various and highly dispersed sources. In this work, we fill this gap by exploiting the phased expansion of Medicaid into different states at different times. Using a difference in difference approach, we explore the data security-related aftereffects of the law. Results indicate a significant decrease in claims of consumer fraud after the expansion of Medicaid, with no robust effect on identity theft. In empirical extensions, we find a material drop in data breaches and compromised records after the expansion of Medicaid. Taken in sum, these findings suggest that the expansion of Medicaid had a consequential effect on the security of consumer data and created significant positive externalities for consumers.Competing Interest StatementThe authors have declared no competing interest.Funding StatementThe author(s) received no specific funding for this work.Author DeclarationsI confirm all relevant ethical guidelines have been followed, and any necessary IRB and/or ethics committee approvals have been obtained.Not ApplicableThe details of the IRB/oversight body that provided approval or exemption for the research described are given below:N/AI confirm that all necessary patient/participant consent has been obtained and the appropriate institutional forms have been archived, and that any patient/participant/sample identifiers included were not known to anyone (e.g., hospital staff, patients or participants themselves) outside the research group so cannot be used to identify individuals.Not ApplicableI understand that all clinical trials and any other prospective interventional studies must be registered with an ICMJE-approved registry, such as ClinicalTrials.gov. I confirm that any such study reported in the manuscript has been registered and the trial registration ID is provided (note: if posting a prospective study registered retrospectively, please provide a statement in the trial ID field explaining why the study was not registered in advance).Not ApplicableI have followed all appropriate research reporting guidelines, such as any relevant EQUATOR Network research reporting checklist(s) and other pertinent material, if applicable.Not ApplicableData are available via GitHub please contact the authors for details.