Medical Identity Theft | Protect Yourself


Medical identity theft is a growing problem. Experts estimate that between 200,000 – 500,000 people are already a victim of this crime – and most don’t even know it.

The World Privacy Forum has been a pioneer in identifying and researching medical identity theft issues. Here’s how they describe the problem:

Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity — such as insurance information — without the person’s knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name.

Medical Identity Theft Basics

So how does medical identity theft occur and how can it affect you? Here’s a video from CBS’ The Early Show that explains the basics:

Medical Identity Theft

4:11 minutes
From CBS The Early Show featuring identity theft expert Robert Siciliano.

How Can You Protect Yourself?

The World Privacy Forum has great information on detecting and preventing medical identity theft. Here are the things to watch:

  • Closely monitor any “Explanation of Benefits” sent by an public or private health insurerHealth insurance companies often send out notices in the mail that describe recent medical events. Pay attention to these and contact your health care provider if they don’t look familiar.
  • Pro-actively request a listing of benefits from your health insurers
  • Request a copy of current medical files from each health care providerLook over these files to make sure that all the information is familiar. Report any errors or strange information to your health care provider.
  • Correct erroneous and false information in your file
  • Keep an eye on your credit reportMedical expenses should eventually show up on your credit report – especially unpaid accounts that were created by an identity thief.
  • Request an accounting of disclosuresThis is a benefit of HIPAA (the Health Insurance Portability and Accountability Act). This relates to all of the documents you now sign when going to your doctor relating to privacy and information sharing. You can request a list of all the times your medical information has been shared along with the reason for sharing.
  • More information from World Privacy Forum.

Author: Dave Nielsen

I started using computers in 1978 on the Apple II and was first online (using my “high-speed” 1200 baud modem) in 1989. I’ve managed web sites for several Fortune 500 companies and for internet start-ups. Working for one of those start-ups is what brought me into the world of credit. I was part of the the executive team that ran QSpace, the first company to offer credit reports over the internet.

Share This Post On

3 Comments

  1. People need to become more aware of Medical Record Theft. This is a very serious issue that is not being addressed. Your medical record contains your medical history plus your private information such as your name, address, phone, insurance card information which is often the same as your social security card number. A cross reference will allow these thieves to find out where you live, what you are worth, and then start stealing from your home, mail, banking and more. This opens endless opportunities for the thieves and the black market. You may wish to visit http://www.medicalrecordtheft.com.
    I believe the USA has not begun to get a grip on what we are about to see due to the weak economy and people out of work. It appears other Countries are much further ahead taking proactive steps towards ID Theft. While the USA has been aware of this for a long while, some large city local Police are not well trained yet. As late as 2005, some large city Police did not recognize ID Theft at all. Tough Laws need to be passed and Enforced but it seems Lawmakers are hesitant.

  2. Electronic Health Records

    Over the last few years I have observed conversations and information regarding the need for electronic health information and electronic medical records on a national scale. The information to date has seemed very promising and enabling; however, I am concerned that with the rush to implement, we as a nation may over look some items that I feel are necessary safety and security protocols.

    Currently, if a person is the victim of medical identity theft they have a great deal of “proving” to do before anyone will help them, In addition, there is a great deal of existing proof that even after the hospitals and creditors have been satisfied of the remedy, there exists the long term danger of “tainted” information.

    When a person is the victim of identity theft medical care is provided, entries are made, and claims are filed with the insurance payer. In an all-electronic world each of these entities would be making entries into a system that is more universal in nature. While this may actually aid in the proper delivery of care, it can also aid in the delivery of improper care that could result in long term injury and death.

    There are currently several systems providers that deliver a type of “patient profile” that is based on previous claims data. If the data is compromised between a real patient data and co-mingled with data from the “false patient” [the person who used someone else’s insurance information], the provider attempting to deliver no-voice-no-vote care in an emergency situation may actually rely on information that does not accurately represent the person in their emergency room.

    Over the last several months I have heard and read where executives from several companies are talking down regarding safety protocols and medical/health records mitigation as nothing more than hurdles and obstacles to improving healthcare information delivery. I believe this to be self-serving and disingenuous for several reasons:

    1. Adding safety and records mitigation protocols ensure patient safety as an ongoing concept and practice
    2. No industry would be allowed to operate, where the officials in charge of it stated that the market or other bodies would be responsible for creating safety procedures. Can you imagine if the auto industry stated, “we make cars, let the market figure out how to regulate safety”? I doubt that Congress or any other body would consider these people as remotely credible, yet I hear time and time again these statements being made in public and private forums by executives, lobbyists, and even so-called healthcare leaders.
    3. For the public and providers to embrace a product that has no regulation, no built-in safeguards, and obviously no importance to safety from the makers of these products, why would Congress expect the American public or health care providers to embrace a product or concept that involves the unregulated risk of injury, death, or staggering liability opportunities, let alone without any hope of remedy or proper relief?

    I have a passion for healthcare delivery and believe that people should receive nothing but the best leadership in this matter from all levels of local, state, and federal government, when it comes to our countries best long term interests.

  3. Electronic Health Records

    Over the last few years I have observed conversations and information regarding the need for electronic health information and electronic medical records on a national scale. The information to date has seemed very promising and enabling; however, I am concerned that with the rush to implement, we as a nation may over look some items that I feel are necessary safety and security protocols.

    Currently, if a person is the victim of medical identity theft they have a great deal of “proving” to do before anyone will help them, In addition, there is a great deal of existing proof that even after the hospitals and creditors have been satisfied of the remedy, there exists the long term danger of “tainted” information.

    When a person is the victim of identity theft medical care is provided, entries are made, and claims are filed with the insurance payer. In an all-electronic world each of these entities would be making entries into a system that is more universal in nature. While this may actually aid in the proper delivery of care, it can also aid in the delivery of improper care that could result in long term injury and death.

    There are currently several systems providers that deliver a type of “patient profile” that is based on previous claims data. If the data is compromised between a real patient data and co-mingled with data from the “false patient” [the person who used someone else’s insurance information], the provider attempting to deliver no-voice-no-vote care in an emergency situation may actually rely on information that does not accurately represent the person in their emergency room.

    Over the last several months I have heard and read where executives from several companies are talking down regarding safety protocols and medical/health records mitigation as nothing more than hurdles and obstacles to improving healthcare information delivery. I believe this to be self-serving and disingenuous for several reasons:

    1. Adding safety and records mitigation protocols ensure patient safety as an ongoing concept and practice
    2. No industry would be allowed to operate, where the officials in charge of it stated that the market or other bodies would be responsible for creating safety procedures. Can you imagine if the auto industry stated, “we make cars, let the market figure out how to regulate safety”? I doubt that Congress or any other body would consider these people as remotely credible, yet I hear time and time again these statements being made in public and private forums by executives, lobbyists, and even so-called healthcare leaders.
    3. For the public and providers to embrace a product that has no regulation, no built-in safeguards, and obviously no importance to safety from the makers of these products, why would Congress expect the American public or health care providers to embrace a product or concept that involves the unregulated risk of injury, death, or staggering liability opportunities, let alone without any hope of remedy or proper relief?

    I have a passion for healthcare delivery and believe that people should receive nothing but the best leadership in this matter from all levels of local, state, and federal government, when it comes to our countries best long term interests.

Submit a Comment