Generally, when we think of identity theft we think about the unauthorized use of our personal information to get loans or make purchases but in 2013, 43 percent of all identity theft in the United State involved medical-related identity theft—that’s a larger piece of the pie than identity theft involving banking, the government or education. Medical Identity Theft is the fraudulent use of someone’s personal information to gain illegal access to services, devices, insurance reimbursements or prescription drugs. While common identity theft grabs headlines, medical identities are 20 to 50 times more valuable to criminals than financial identities. The U.S. Department of Health and Human Services says that since it began keeping records in 2009, thieves have breached the medical records of between 27.8 million and 67.7 million people. The cost to the victim can be thousands of dollars (an average of $20,000), ruined credit, loss of health coverage, inaccurate records, legal troubles and higher health premiums. (Inaccurate medical records can harm victims by listing wrong medical history, wrong blood type, wrong allergies and other false information that can lead to serious medical problems.) Once a breach has occurred, it’s nearly impossible to clear up medical records.
Steps to take to avoid medical identity theft
- The chief defense against identity theft of any kind involves being aware of your records.
- Guard your numbers—Social Security and Medicare numbers should be treated like you would treat credit cards. Don’t give them out, don’t loan or sell the ability to use your card or identity and if you lose your Medicare or Social Security card, report it immediately.
- Maintain copies of your healthcare records and contact the insurer or provider about care you did not receive even if you owe no money.
- Avoid “free” medical services or treatments as they are often the gateway for thieves to access your information.
- Protect your health information in the same way you would protect credit card information.
- Monitor reports on activity with Equifax, Experian, and TransUnion (they each offer one free credit report a year and Equifax offers a plan that keeps an eye out for potential problems with your Social Security number).
Steps to take if you believe your medical identity has been stolen
According to experts, fewer safeguards exist to protect medical information than many of our other privacy concerns. This means that individuals must be more aggressive about protecting their personal interests. You have a right to your own medical records and in fact, federal law provides you with that right although you may have to pay for copies of your records. If a provider denies your request for records, you have the right to appeal. Contact the person listed in its Notice of Privacy Practices, patient representative or health care ombudsman. If the provider does not provide your records within 30 days, complain to the U.S. Department of Health and Human Services Office for Civil Rights. Some complaints must be filed within 180 days of when you believe your rights were violated so you must stay on top of it. Here are some additional steps.
- If your explanation of benefits form indicates treatments you never received, contact your insurer and medical providers.
- Ask your insurer at least once a year for a listing of benefits paid out under your policy.
- Get a copy of your medical records from your doctor, hospital, pharmacy or laboratory and check it for discrepancies if you suspect you’re a victim of medical ID fraud.
- Check your credit reports each year. If you’ve been scammed, place a fraud alert on your credit reports.
- Report inaccurate medical records if you find errors in your medical files.
- File a police report and send the report to your insurer, medical providers and the credit bureaus.
- File complaints with the state attorney general, the state insurance department, the Identity Theft Data Clearinghouse, and the Department of Health and Human Services.
- Keep a list of names, dates and contact information for anyone you contact to report the problem as well as any content of the discussion.
For an in-depth checklist, go here.