Medical Identity Theft

February 25, 2008

If you're new here, you may want to subscribe to my RSS feed or get new posts via email. Thanks for visiting!

We’ve all heard of financial identity theft where someone gets a credit card or a loan in a victim’s name.   There is another type which is potentially even worse:  medical identity theft.   While financial identity theft can hurt your wallet, medical identity theft could kill you.

Never Heard of It

Medical ID Theft is when someone uses another person’s name, insurance info, Social Security Number, etc. to get access to medical services.

There are two big problems with this:

1. Financial - A claim is made using your credit and you are stuck with the bill.  This is similar to “normal” identity theft where there are unpaid bills, it nails your credit record, and you have collections after you
2. Medical - Fictitious medical records can be created in your name, so another person’s medical history becomes part of yours

Think about #2 for a second.  You get rushed to emergency, and your medical history shows that you have a certain blood type, or are allergic to a certain type of drug, or have been prescribed some medication.  If doctors are making decisions based on bad information, that could lead to disaster.

Also, you go to apply for a job and they run a medical check and you get denied the job or denied insurance because your medical history shows something false.

How Does it Happen?

Sometimes medical identity theft happens due to theft of information from mail etc., but more often than not the theft is an inside job.  An employee or other insider at a health care provider’s office sells your record for $50 or $60 to a criminal, and then that person uses it or resells it.Organized crime is becoming increasingly involved and the crimes are becoming more and more complex.  There was a case in Milpitas California where they brought hundreds of elderly patients to a fake clinic and offer free checkups.  They then copied the Medicare info and billed the government for services that never happened.

What Can You Do To Prevent It?

The insider nature of most medical ID theft makes it very hard to prevent.  However, there are a few things you can do:

• Check your medical record - It is important to check your medical record.  See if there is anything on there that doesn’t belong.  Here is a state-by-state breakdown of how to get your medical records
• Guard your Medicare/Medicaid card -  Protect it as stringently as you do your SSN.  Do not carry it around with you and do not give it out unless absolutely necessary
• Ask for listing every year of all benefits paid by insurers - You will be able to see if anything is being billed that is not legit
• If you find that you’re the victim of financial identity theft or a data breach, think of the medical implications as well

Hey, I Still Have My Appendix!

Unfortunately, getting medical ID theft cleared up is even harder than other kinds.   Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), health care providers and insurers have up to 90 days to respond to a request for an amendment.

When you contact the provider, you will likely have to fill out a form (surprise surprise).

Notice how I said the provider has 90 days to respond.  I didn’t say they have 90 days to fix the error.  In fact, the HIPAA does not require providers or insurers to remove incorrect information.  The preferred way to deal with it is to mark it as “incorrect” and add a correction.

I understand the need to keep a record of what has been done, but there needs to be some provision for removing completely false information.  Just simply marking it is not good enough.

The World Privacy Forum has a very good FAQ outlining the issues that a medical identity theft victim faces.

Do you know anyone who has been a victim of this type of identity theft?  Were they able to take any action to get things cleared up?

Related Posts

Posted in Identity Theft, Medical