Medical identity theft has become one of the fastest growing forms of identity theft in the United States. More than 2.3 million cases were identified in 2014, a rise of 22 percent in just one year, and the numbers have continued to accelerate. The Federal Trade Commission reported a 40 percent jump in cases in 2017.
What is Medical Identity Theft?
Medical identity theft takes place when someone uses your personal information to steal medical, services, goods, and prescriptions. This can range from simple doctors’ office visits, the wheelchairs and durable medical equipment, all the way up to surgeries.
Personal information can be a Social Security number, your address, a Medicare or Medicaid card, your Personally Identifiable Information from a current private health plan, or any other number of related healthcare data or prescription histories.
Your medical identity information is a valuable commodity that can be used to falsify insurance claims or acquire government medical services, including Medicare and Medicaid. Some people will steal your medical information and sell it on the black market, creating new identities for other people using your personal data.
A lost wallet or a stolen purse can lead to years of misery, even if you file a police report and cancel all your credit cards and health accounts. Often, victims can be unaware that medical identity theft is taking place for many years. It’s not uncommon that people find out when their credit report takes a significant hit, or they are turned down for new credit because they were unaware that someone else was running up medical bills in their name.
There are some cases where medical identity theft also takes place knowingly when people share their medical coverage with uninsured friends or family members. As you can guess, this is absolutely against the law.
Health professionals are also part of the problem. There are numerous instances of doctors and medical offices using a patient’s health information without their knowledge to submit fraudulent bills to insurance companies. It’s possible to rack up hundreds of thousands of dollars of fraudulent charges before perpetrators are caught, if ever.
Why Medical Identity Theft is on the Rise
As the medical industry has migrated to electronic records, access to services and records are available online, making some an easy target for sophisticated thieves. Hacking of medical records and information has risen dramatically in recent years.
One of the most notable instances of medical identity theft took place a few years ago when theives stole 70 million records from the health insurer Anthem.
The unintended fallout from this is that when someone else uses your medical information, it can create serious medical record problems. Your treatment, history, and diagnoses can often get mixed up with a person who has appropriated your medical identity.
According to the Medical Identity Fraud Alliance, as many as 20 percent of medical identity theft victims are given the wrong diagnosis or treatment, or that their care is delayed due to confusion about their medical records.
Another reason it’s on the rise is that the cost of medical services is on the rise. Healthcare costs have become a major flashpoint of public debate, fueled by increased costs that consumers must pay for coverage and treatment. As consumer costs rise, the temptation to commit medical identity theft and fraud becomes more appealing.
Some other types of financial identity theft are protected under the Fair Credit Billing Act. For example, if someone uses your credit card without authorization, you are liable for only $50 of unauthorized charges when you follow appropriate notification steps.
That’s not the case with losses resulting from medical identity theft. According to one study released in 2015, almost two-thirds of victims had to pay an average of more than $13,000 (including attorney’s fees) to resolve their cases.
Institutional medical identity theft against large insurance providers and government programs can cost consumers dearly, resulting in higher premiums or increased taxes. One estimate from 2012 put the total economic impact of medical identity theft in the U.S. at $41.3 billion, a number that has undoubtedly risen since that time.
Another reason medical identity theft is on the rise is that trafficking in stolen medical information is lucrative. On the black market, Social Security numbers are resold for one or two dollars, but medical profiles can go for as much as $60 to $70.
The problem for healthcare providers is that while they want a secure environment for medical records and personal information, it’s also critical for doctors to be able to readily access and share health-related information to provide timely diagnoses and treatment for patients. This is especially true in an emergency.
Are You in a High-Risk Group?
Some groups of people are more vulnerable to medical identity theft than others. If you’re in one of those groups, you must be even more vigilant to guard against theft.
Older adults and people on Medicare are primary targets. Thieves will attempt to not only gain medical information but Social Security numbers as well. This will give them access to many kinds of fraud. Studies have shown that older adults are more susceptible because they are less suspicious about giving up personal health information.
Children’s records are also a big target as well. A minor’s credit report is generally not tracked by parents until the child gets credit in his or her name. Until then, the thieves can rack up bills and create a long list of unpaid debts that will go unnoticed, sometimes for years.
Other susceptible groups include people with chronic conditions such as cancer or diabetes. That’s because the more interactions a patient has with a healthcare provider, the more opportunities there are for their records to be accessed and stolen.
Heavy users of social media can also be at risk as well. Lots of times, a heavy user will post a lot of personal information on sites and apps. When paired with other data a thief has gotten, it can unlock the door to a lot of possible abuse.
How to Protect Yourself
There are several things you can do to protect yourself against medical identity theft:
- Review all medical bills. Look for an explanation of benefits from your insurer and crosscheck to see if there are any listings for office visits you didn’t make or treatments you did not receive.
- Challenge any bill you get for treatment you did not receive.
- Shred all outdated insurance forms, physician statements, prescription paperwork, and other documentation containing your medical information. It’s not enough to simply throw it away. Thieves can retrieve and steal your information by going through your trash.
- Check your credit reports at least once a year, more often if you use medical providers frequently. Be on the lookout for health care expenses you don’t recognize.
- You can get one free report every 12 months from Experian, Equifax, and TransUnion.
- Be wary if you get a call from a debt collector about a medical debt that you did not incur.
- Under HIPAA, you have the right to an accounting of disclosures. It is a record of
disclosures of personal health information made by health care providers or insurers. The record shows what, when, and why the information was disclosed, and the recipient of the information.
- Do not give out any personal information over the phone from someone claiming to be with your insurance provider or Medicare. You may also be induced to give out your information in exchange for free introductory medical services or products.
- If you lose your Medical ID card or someone steals it, contact providers immediately so it can be canceled and a new one issued.
- Keep accurate records of your doctors’ appointments, prescriptions, and medical procedures. This will make it easier for you to dispute any errors or identity theft-related issues.
- At least once a year, ask your insurer for a full list of benefits paid in your name.
- Sign up for identity theft protection. Several companies can monitor your personal information, including medical data, so keep a close eye on your credit reports. When a red flag pops up, you’re notified so that you can minimize or stop any thefts from taking place.
What to do if You’re a Victim
If you are the victim of a large breach of medical records, you will be notified by the provider that there was a breach, and they will detail what actions you can take to make sure you are not personally a victim.
Providers continue to take steps to prevent medical identity theft. This includes using advanced software to detect billing fraud, more training for employees to spot fraud before it happens, and other screening measures such as finger or palm prints to reduce the frequency of theft.
If you suspect you are a victim of medical identity theft, start by contacting your healthcare provider to see if a mistake has been made.
You should also file a police report where you live. Give a copy of the police report to your medical providers, credit bureaus, and insurance companies.
If you are a Medicare recipient, report questionable charges by calling 1-800-MEDICARE or contact the Senior Medicare Patrol for assistance at 1-877-808-2468.
If you suspect Medicare fraud, contact the Office of the Inspector General Fraud Hotline at 1-800-HHS-TIPS.
Consider submitting an identity theft report to the Federal Trade Commission. Doing so will help show parties evaluating your identity theft claims that your theft is real. In some cases, creditors or billing departments may require a police report before erasing fraudulent charges from your accounts.
Also, get copies of the medical files related to the theft and take steps quickly to correct mistakes and stop further use of your information.
For More Information
If a health care provider has not allowed you to see your medical records, file a complaint with the Office of Civil Rights at Health and Human Services by calling 1-800-368-1019.
To understand where your information may go after a data breach, read this article.
You can also learn about what happens when a person’s identity information is stolen by someone they know.
You might also contact a consumer watchdog organization like the Identity Theft Resource Center for additional information and help.