Editorial Policy

7 things you must know about medical identity theft

Roxanne Hawn

January 12, 2015

Some people perceive medical identity theft as a victimless crime. After all, insurance companies take the hit, right? Wrong!

“A big piece about understanding why you need to protect yourself is knowing what might happen when your identity has been compromised,” says Ann Patterson, senior vice president and program director of Medical Identity Fraud Alliance (MIFA).

Your health and your pocketbook could be at stake. Here are the reasons why you should protect your medical identity and how to do it.

1. The healthcare industry offers no financial protections. It isn't a matter of simply calling to dispute bogus charges and letting insurance companies and doctors duke it out. There is no $50 limit on your liability, as there is with credit cards.

Pay attention to medical paperwork because it often reveals the first indications of trouble:

  • Make sure items listed on insurance Explanations of Benefits (EOB) forms match services you indeed received.
  • Match those EOBs to medical invoices, checking for anything added fraudulently to your bill.
  • Review medical bills you receive directly, especially if that isn't normal.
  • Know your insurance coverage limits. Fraudsters often submit expensive claims that max out coverage.

2. It's expensive. Victims affected financially pay an average of $18,660 trying to fix the problem, according to a 2013 survey completed by Ponemon Institute and sponsored by MIFA, by:

  • Paying for medical services provided to imposters
  • Seeking identity and credit protections and legal counsel
  • Paying out-of-pocket for healthcare until the issue is resolved

Check your credit report once a year for free at AnnualCreditReport.com, looking for medical bills in collections. Fraudsters often set up medical accounts in your name with another address. Those accounts can go unpaid, without you ever seeing a bill.

3. It can put your health, family and job at risk.

When the fraudster's health information takes root in your medical records, it can lead to misdiagnosis, prescription errors, delayed treatment or even mistreatment. In one case reported by the Healthcare Information and Management Systems Society, a woman nearly lost custody of her children. The thief gave birth to a drug-addicted baby, causing child protective services to come knocking at the victim's home. MIFA also cites cases where thieves' drug use or medical limitations compromised victims' jobs. Plus, while the impact of unpaid medical debt may not be as severe on your credit score as say, credit card debt, your score could still drop if medical debt ends up in collections, hurting your ability to qualify for loans and, possibly, a new job.

“There is no law that says in order for a doctor to provide you services that you have to fork that information over.”
–Ann Patterson, Medical Identity Fraud Alliance

Don't speed through forms or conversations meant to confirm your medical history. Look for inaccuracies, including major diagnoses, surgeries, medication allergies, blood type, etc.

4. Medical ID thieves need little information to get started. A fraudster can cause trouble with just your name and your health insurance identification number.

The most obvious form of medical ID fraud comes when someone seeks medical services under your name and insurance. Some thieves, including organized rings at hospitals or medical offices, also submit false invoices to insurance or patients.

Provide only the personal identification that's necessary to receive medical care. Unless you have Medicare, medical providers do not need your Social Security number. Just because forms ask for something doesn't mean you have to provide it. Staff might hassle you about items left blank, but Patterson explains that providing every possible way to reach you — at home, at work, through next of kin — is old-fashioned and unnecessary. “There is no law that says in order for a doctor to provide you services that you have to fork that information over,” she says.

5. It's most likely someone you know. MIFA surveys reveal that most medical identity crimes happen between family members or friends. In 30 percent of cases, the victim knowingly shared medical credentials. In 28 percent more cases, friends or family took information without consent.

Keep your medical and insurance information private. Don't discuss your co-payments, policy benefits, deductible amounts or coverage limits.

 6. Health-related apps and social media venues have zero legal obligation to protect health information you volunteer. All those calories you count, all those steps you take, all those weigh-ins you log, all those posts you put online help fraudsters piece together your medical identity.

“Fraudsters are very good at big data,” Patterson says. “They are better at it than probably a lot of legitimate companies. They are well financed. They have the best hackers. They have the best IT people. So, they can gather information about you that you've put out there.”

Don't share any medical information via social media. That includes using check-in features to announce you're at a medical facility, posting digital images of your surgery or alerting people about test results.

7. It's your responsibility to protect your high-tech medical information. You've heard it before, but it bears repeating: Make sure your information is protected online.

Practice good security hygiene with your computers and devices. “You don't want to be the low-hanging fruit,” says Lee Kim, director of privacy and security, Healthcare Information Management and Systems Society:

  • Choose strong passwords when accessing medical or insurance information.
  • Password-protect home WiFi networks and use the highest level of wireless router encryption.
  • Always log out of health apps and patient portals.
  • Manually connect to wireless networks away from home.
  • Use your personal WiFi connection when you travel, rather than public networks at airports, restaurants and hotels.

“I know some of this sounds really basic,” Kim says, “but it's a bit like remembering to wash your hands when you're in public.”

The increasing use of technology in health circles increases the risk of medical ID fraud. Sometimes, low tech is more secure. Kim says, “It might be better for me to talk to my doctor by telephone than by email.”