It's bad enough when some scammer gets your credit card, but what happens when they steal your access to health care? Even worse, what if that person is a member of your family or a member of the health care field we are supposed to trust?
It's not an isolated concern. Medical identity theft represented 42.5 percent of the breaches identified in 2014 according to the Identity Theft Resource Center. And the crime appears to be growing — another consumer advocacy group, the Ponemon Institute, said medical identity theft incidents increased 21.7 percent, costing victims more than $13,500 to resolve.
Here's how you can stay safe
1. Always, always read your Explanation of Benefits
No one would say those statements from your health insurer are engaging reading, but EOBs are often the first indicator that your medical identity has been stolen. Review EOB statements or Medicare Summary Notices (MSN) as soon as they arrive. Be sure the provider listed is a name you recognize and confirm that the date of service is a day when you visited your provider's office. Note that the service description matches the service you actually received.
2. Be extremely wary of phone offers
Scammers sometimes phone potential victims under the guise of conducting a health survey, or they might masquerade as representatives from Medicare or Social Security. These callers may ask for your health insurance information or might request a credit card to settle a bill.
Hang up. Do not accept a free health care product or service from someone who requests your insurance ID number without thoroughly checking the legitimacy of the provider. The Federal Trade Commission (FTC) advises consumers not to “share medical or insurance information by phone or email unless you initiated the contact and know who you're dealing with.”
3. Even seemingly innocuous sharing can cost you
Sometimes people share their health insurance information with uncovered family members in order to obtain services without paying appropriate insurance premiums. An example might be a parent who purchases vision coverage from his employer's benefits menu but does not buy vision insurance for his children. When his child needs glasses, he's in the position of having to falsify patient information to obtain a discount.
4. Scammers might be closer than you think
The University of Miami Health System describes medical identity theft perpetrators as “doctors, nurses, lab technicians, receptionists or organized criminal gangs.” What's chilling is that UMHS also reports cases “where family members and friends have assumed the identity of an individual to take advantage of the victim's health insurance benefits.” They explain that these insider crimes happen because the thieves have easy access to the victim's identity data and insurance cards.
In some respects, medical identity theft can be a crime of opportunity, so do what you can to prevent your medical identity information from being accessible even to family and friends. Store hard-copy insurance statements in a locked file and shred documents that are no longer needed. Use a password to protect files containing sensitive electronic information.
5. Take advantage of your annual records check
Your right to a free credit report once a year is now common knowledge, but did you know your health insurer has to do the same thing? Once a year, ask your insurer (or insurers) to provide a summary of all benefits paid on your behalf during the past 12 months. Be sure to also request an “accounting of disclosures” for your medical records — this is a list of who received copies of your records from each provider. If you suspect your medical identity has been stolen, request copies of your medical records from your doctors, hospital, pharmacy, and laboratory.
You could even face a bizarre situation where your health care provider refuses to supply your medical or billing records out of concern for violating an identity thief's privacy.
The FTC provides assurance that you have the right to appeal that decision. Start with the individual listed in your provider's Notice of Privacy Practices, an ombudsman or patient advocate. If your records aren't delivered within 30 days of your written request, the FTC recommends that you file a complaint with the U.S. Department of Health and Human Services' Office for Civil Rights.
6. Don't be afraid to ask questions.
If anything on your EOB or MSN is unfamiliar to you, contact your insurer to explain. It could be something you didn't immediately recognize or it could be identity theft. You have the right to know.
7. Report any suspected fraud.
Notify your insurer if you detect that your medical identity has been stolen and alert your health care providers. Use the accounting of disclosures report to contact every party who received your personal health information and inform them that your data was breached.
If you suspect Medicare fraud, report it to the Department of Health & Human Services Office of Inspector General. Place a fraud alert with Equifax, Experian and TransUnion; file a police report and file a medical identity theft complaint with the FTC.
Ask your health care providers to correct your medical records, but be advised that this can be difficult to accomplish. The Coalition Against Insurance Fraud states that “federal law permits patients to correct medical records created only by the medical provider or insurer that now maintains your information.” Hospitals or insurers who later obtain your information are not required by law to make any corrections. If your request for correction is denied, demand that your record includes a statement to the effect that you do not agree with the documentation that is in your record.
Vigilance — your ounce of prevention
Stopping medical ID theft isn't only on you, the consumer. The Smart Card Alliance, a non-profit multi-industry association, asserts “the way to stop medical identity theft … is to improve patient identification and provide enhanced data protection.”
In the future, enhanced technologies may protect us. Technology consulting firm Booz Allen Hamilton predicts: “Technology solutions such as biometrics, smart cards, or electronic patient records may be able to assist providers in verifying patients' identities based on past histories, demographics or facial photographs,” but until the future becomes the present, stay aware.
Have you had any experience with medical identity theft? How did you handle it? Tell us in the comments below.
[Read the story behind the story: What sparked my investigation into medical identity theft.]