Identity Theft : Medical Identity Theft

Medical Identity Theft

What is it?

Medical identity theft occurs when an individual’s personal information is used to obtain or make false claims for medical services or goods without that individual’s knowledge.  This criminal act uses information such as a person’s name and insurance card to cause harm to its victims by creating false entries in their medical records.  Several years can go by before these false claims are discovered.

There are many consequences when dealing with medical identity theft.  The patient may fail a screening exam for employment due to the presence of diseases and other conditions in their health records.  The victim may receive inappropriate medical treatment including harmful medication.  They may exhaust their health insurance benefits and potentially loose both life and health insurance coverage.  Ultimately, the victim may have issues with their credit report; receive unpaid bill notifications, and harassing phone calls from collections agencies.

Increasingly more and more health systems are moving away from paper-based charts to computer-based or electronic medical records (EMR).  This move can make it harder to recover from medical identity theft since records may be stored in computerized patient networks of various healthcare providers. 

What Medical Identity Theft is Not

Although ID theft may happen in a health care facility, it is not necessarily medical identity theft.  If a technician steals your credit card information to buy goods, this is not medical identity theft.  It is considered financial identity theft.

A person’s medical record might be altered but it may not be medical identity theft.  A clinician may change the patient’s medical records in order to cover up an error.  While this is clearly unethical, it is not medical identity theft.

If a person willingly shares there personal information so that someone else can obtain medical care, it is a crime but not considered identity theft.

Who are the perpetrators?

Medical identity theft is usually an insider crime.  Workers at healthcare facilities have access to patient information.  They can use it for themselves or provide it to organized medical identity theft gangs.  Medical identity theft gangs steal hundreds of medical records and doctor billing codes.  They may also set up fake medical clinics to draw in patients.  They will proceed to submit false bills to insurers, collect payments for a few months and then disappear before the insurance companies realize what happened.

Tips to Avoid or Detect Medical Identity Theft

Carefully examine the Explanation of Benefits (EOB) sent by your health insurance provider. You receive an EOB whenever a claim for your healthcare benefits is filed. In particular, check the dates of service, the type of service, and the provider. If there are incorrect entries, such as dates listed that you did not receive treatment, contact the insurer or the provider involved. Do not assume that all is okay just because your balance is zero. Most providers will include a toll-free number on the EOB to call for questions or potentially fraudulent claims information.

At least once a year, request a listing of benefits paid in your name by health insurers that may have made payments on your behalf.

Monitor your credit reports with the nationwide credit reporting companies – Equifax, Experian, and TransUnion – to identify reports of medical debts. You are entitled to one free credit report per year from each of these agencies. One strategy is to request your free credit report from a different agency every 4 months.

Request a full copy of current medical files from each health care provider and examine for errors, such as treatment and medications you never received.

If you discover your medical or insurance records contain false information, you must work to correct those records. Contact the appropriate patient rights advocates at the insurer and/or provider to correct the false entries.

If you are disposing of your EOBs, bills, or any other statements that contain your health or financial information, always shred this information prior to its disposal. Of course, exercise the same caution when disposing of university-owned personally identifiable data.

If your health insurer provides online access to your records, make use of this feature to frequently check the accuracy of your information. Of course, you must adequately protect your computer from viruses and other threats.