Understanding Medical Identity Theft
What is it?
Medical identity theft is a criminal act that occurs when a person uses someone else’s personal information, such as name and insurance card number, without that individual’s knowledge to obtain or make false claims for medical services or goods. Unlike financial identity theft, medical identity theft can harm its victims by creating false entries in their medical records at hospitals, doctors’ offices, insurance companies, and pharmacies. These false changes made to victims’ medical files and histories can remain on record for years without discovery or correction.
Victims of medical identity theft can receive inappropriate medical treatment including potentially harmful medication, exhaust their health insurance benefits, and subsequently lose both life and health insurance coverage. They can even fail screening exams for employment due to the presence of diseases and other conditions in their health records that are not theirs but rather belong to the individuals who stole the identities.
To compound the problem, health care systems are increasingly moving away from paper-based charts to computer-based or electronic medical records (EMR). This may make it more difficult to recover from medical identity theft as these incorrect medical entries and/or fictitious medical records are transmitted and stored for legitimate reasons throughout the computerized patient record networks of various providers, payers, and others involved in health care. Of course, the financial consequences of this crime remain the same as financial identity theft: serious blemishes on credit reports, unpaid bills, harassing phone calls from collections agencies, etc.
What Medical Identity Theft is Not
Some ID theft cases may occur in a health care setting, but are not necessarily medical identity theft. If a lab technician at a hospital steals patient credit card information or other financially-related identity information and uses that information to buy goods, this is a criminal act but not medical identity theft. It is financial identity theft. The medical identity of the person was not used or abused even though his/her financial information was used.
Some health care fraud cases involve the alteration of patient information, but are not medical identity theft. A clinician who wishes to cover up a medical error may alter a patient’s record. This does not involve the use or abuse of the identity information of the patient. While quite clearly fraudulent and unethical behavior, it is not medical identity theft.
Some people may willingly share their personal information. If you allow someone else to impersonate you to obtain medical care, it is not identity theft but it is still a crime.
Who are the perpetrators?
Identity theft can be committed by individuals, doctors, nurses, lab technicians, receptionists, or organized criminal gangs. More often than not, medical identity theft is an insider crime. Workers in doctors’ offices, clinics, and hospitals can copy patient information and use it themselves or provide that information to more organized medical identity theft gangs. These identity theft gangs steal hundreds of medical records as well as doctors’ billing codes. These gangs also set up fake medical clinics offering free health screenings as a ruse to draw in patients and then submit bogus bills to insurers, collect payments for a few months and then disappear before the insurance companies realize they have been scammed.
Similar to financial identity theft, there are cases where family members and friends have assumed the identity of an individual to take advantage of the victim’s health insurance benefits. This is also an example of insider crime, where the perpetrator knows or has easy access to the victim’s identity information, including the health insurance card.
Tips to Avoid or Detect Medical Identity Theft
Carefully examine the Explanation of Benefits (EOB) sent by your health insurance provider. You receive an EOB whenever a claim for your healthcare benefits is filed. In particular, check the dates of service, the type of service, and the provider. If there are incorrect entries, such as dates listed that you did not receive treatment, contact the insurer or the provider involved. Do not assume that all is okay just because your balance is zero. Most providers will include a toll-free number on the EOB to call for questions or potentially fraudulent claims information.
At least once a year, request a listing of benefits paid in your name by health insurers that may have made payments on your behalf.
Monitor your credit reports with the nationwide credit reporting companies – Equifax, Experian, and TransUnion – to identify reports of medical debts. You are entitled to one free credit report per year from each of these agencies. One strategy is to request your free credit report from a different agency every 4 months.
Request a full copy of current medical files from each health care provider and examine for errors, such as treatment and medications you never received.
If you discover your medical or insurance records contain false information, you must work to correct those records. Contact the appropriate patient rights advocates at the insurer and/or provider to correct the false entries.
If you are disposing of your EOBs, bills, or any other statements that contain your health or financial information, always shred this information prior to its disposal. Of course, exercise the same caution when disposing of university-owned personally identifiable data.
If your health insurer provides online access to your records, make use of this feature to frequently check the accuracy of your information. Of course, you must adequately protect your computer from viruses and other threats.
December 1, 2007