Abstract
The Patient Protection and Affordable Care Act of 2010 led to the largest expansion of healthcare coverage since the instantiation of Medicare and Medicaid in 1965. Concerningly, prior research suggests this large influx of new patient data across the various and highly dispersed sources may create new potential for malfeasance in the form of consumer fraud and identity theft. We exploit the phased expansion of Medicaid into different states at different times to assess whether this expansion subsequently drove increased fraud and identity theft. Using a difference in difference approach, we explore these data security-related aftereffects of the law. Surprisingly, results indicate a significant decrease in claims of consumer fraud after the expansion of Medicaid, with no robust effect on identity theft. In empirical extensions, we also find a material drop in data breaches and compromised records after the expansion of Medicaid. Taken in sum, these findings suggest that the expansion of Medicaid had a consequential effect on the security of consumer data and created significant positive externalities for consumers.