Abstract
The Patient Protection and Affordable Care Act of 2010 led to the largest expansion of healthcare coverage since the instantiation of Medicare and Medicaid in 1965. Yet, limited attention has been given to the security aftereffects of the statute, specifically the potential for malfeasance in the form of consumer fraud and identity theft resulting from the vast influx of new patient data residing in various and highly dispersed sources. In this work, we fill this gap by exploiting the phased expansion of Medicaid into different states at different times. Using a difference in difference approach, we explore the data security-related aftereffects of the law. Results indicate a significant decrease in claims of consumer fraud after the expansion of Medicaid, with no robust effect on identity theft. In empirical extensions, we find a material drop in data breaches and compromised records after the expansion of Medicaid. Taken in sum, these findings suggest that the expansion of Medicaid had a consequential effect on the security of consumer data and created significant positive externalities for consumers.
Competing Interest Statement
The authors have declared no competing interest.
Funding Statement
The author(s) received no specific funding for this work.
Author Declarations
I confirm all relevant ethical guidelines have been followed, and any necessary IRB and/or ethics committee approvals have been obtained.
Not Applicable
The details of the IRB/oversight body that provided approval or exemption for the research described are given below:
N/A
I confirm that all necessary patient/participant consent has been obtained and the appropriate institutional forms have been archived, and that any patient/participant/sample identifiers included were not known to anyone (e.g., hospital staff, patients or participants themselves) outside the research group so cannot be used to identify individuals.
Not Applicable
I understand that all clinical trials and any other prospective interventional studies must be registered with an ICMJE-approved registry, such as ClinicalTrials.gov. I confirm that any such study reported in the manuscript has been registered and the trial registration ID is provided (note: if posting a prospective study registered retrospectively, please provide a statement in the trial ID field explaining why the study was not registered in advance).
Not Applicable
I have followed all appropriate research reporting guidelines, such as any relevant EQUATOR Network research reporting checklist(s) and other pertinent material, if applicable.
Not Applicable
Footnotes
↵♠ The authors thank Joshua Wright for his feedback during the development of this manuscript.
Data Availability
Data are available via GitHub please contact the authors for details.