Medical identity theft: The identity theft no one is talking about
When the oral surgeon recommended that our daughter have her wisdom teeth removed, we thought we knew what to expect both medically and financially. Morgan's two sisters underwent this procedure in the past, and we adopted a brave “Let's get this over with!” attitude as we scheduled her operation.
We expected the least painful part of the procedure to be the surgery bill because the girls are covered under both their parent's dental insurance. It was an unpleasant surprise to learn from the oral surgeon's billing manager, “After checking with your insurance, we estimate that your daughter's surgery will cost you about $1,200 out-of-pocket since she has exhausted nearly all of her benefits this year.”
Something was wrong!
It was late in the day when we discovered that our insurers were planning to deny benefits, and we wracked our brains that evening trying to imagine why, with double insurance, Morgan lacked coverage. Had we forgotten about treatments she received? Were we mistaken about dates when she received services? Could the insurance company records be incorrect? Or, might this be something more sinister, such as medical identity theft?
Medical identity theft
The Federal Trade Commission (FTC) explains that “A thief may use your name or health insurance numbers to see a doctor, get prescription drugs, file claims with your insurance provider, or get other care. If the thief's health information is mixed with yours, your treatment, insurance and payment records, and credit report may be affected.”
Medical identity theft's most damaging outcome occurs when a victim receives an incorrect therapy or medication due to the co-mingling of the victim's health history with that of the thief's. The financial consequences can be painful as well, including:
- Higher insurance premiums due to your apparent high benefit usage.
- Calls from debt collectors demanding payment for services you never received.
- Damage to your credit report that results in your inability to secure a loan or causes an employer to think twice about hiring you.
- Benefits denied until you pay your deductible.
Relief — a simple error brought to light
In our case, multiple phone calls to our daughter's dentist and both insurance companies finally shed light on why benefits appeared to be exhausted: Morgan's twin sister, Margaux, had received several dental treatments during the past year. When the oral surgeon's office called to verify coverage, two girls with the same date of birth and same first initial and last name were confused by the insurance representative who erroneously reported that Morgan's benefits were tapped out when she actually had more than enough available to cover the surgery.
The misunderstanding was corrected after less than an hour's work on the phone, but had this been a case of medical identity theft, we might have had to pay $1,200 for her procedure and may have struggled for months to clear up false patient records.
Having experienced the worry associated with a potential medical identity theft, and the relief when we discovered our daughter's health records were safe for now, we became vigilant about doing what we could to prevent and detect this type of crime.
It's bad enough when some scammer gets your credit card, but what happens when they steal your access to health care? Even worse, what if that person is a member of your family or a member of the health care field we are supposed to trust?
It's not an isolated concern. Medical identity theft represented 42.5 percent of the breaches identified in 2014 according to the Identity Theft Resource Center. And the crime appears to be growing — another consumer advocacy group, the Ponemon Institute, said medical identity theft incidents increased 21.7 percent, costing victims more than $13,500 to resolve.
Here's how you can stay safe
1. Always, always read your Explanation of Benefits
No one would say those statements from your health insurer are engaging reading, but EOBs are often the first indicator that your medical identity has been stolen. Review EOB statements or Medicare Summary Notices (MSN) as soon as they arrive. Be sure the provider listed is a name you recognize and confirm that the date of service is a day when you visited your provider's office. Note that the service description matches the service you actually received.
2. Be extremely wary of phone offers
Scammers sometimes phone potential victims under the guise of conducting a health survey, or they might masquerade as representatives from Medicare or Social Security. These callers may ask for your health insurance information or might request a credit card to settle a bill.
Hang up. Do not accept a free health care product or service from someone who requests your insurance ID number without thoroughly checking the legitimacy of the provider. The Federal Trade Commission (FTC) advises consumers not to “share medical or insurance information by phone or email unless you initiated the contact and know who you're dealing with.”
3. Even seemingly innocuous sharing can cost you
Sometimes people share their health insurance information with uncovered family members in order to obtain services without paying appropriate insurance premiums. An example might be a parent who purchases vision coverage from his employer's benefits menu but does not buy vision insurance for his children. When his child needs glasses, he's in the position of having to falsify patient information to obtain a discount.
4. Scammers might be closer than you think
The University of Miami Health System describes medical identity theft perpetrators as “doctors, nurses, lab technicians, receptionists or organized criminal gangs.” What's chilling is that UMHS also reports cases “where family members and friends have assumed the identity of an individual to take advantage of the victim's health insurance benefits.” They explain that these insider crimes happen because the thieves have easy access to the victim's identity data and insurance cards.
In some respects, medical identity theft can be a crime of opportunity, so do what you can to prevent your medical identity information from being accessible even to family and friends. Store hard-copy insurance statements in a locked file and shred documents that are no longer needed. Use a password to protect files containing sensitive electronic information.
5. Take advantage of your annual records check
Your right to a free credit report once a year is now common knowledge, but did you know your health insurer has to do the same thing? Once a year, ask your insurer (or insurers) to provide a summary of all benefits paid on your behalf during the past 12 months. Be sure to also request an “accounting of disclosures” for your medical records — this is a list of who received copies of your records from each provider. If you suspect your medical identity has been stolen, request copies of your medical records from your doctors, hospital, pharmacy, and laboratory.
You could even face a bizarre situation where your health care provider refuses to supply your medical or billing records out of concern for violating an identity thief's privacy.
The FTC provides assurance that you have the right to appeal that decision. Start with the individual listed in your provider's Notice of Privacy Practices, an ombudsman or patient advocate. If your records aren't delivered within 30 days of your written request, the FTC recommends that you file a complaint with the U.S. Department of Health and Human Services' Office for Civil Rights.
6. Don't be afraid to ask questions.
If anything on your EOB or MSN is unfamiliar to you, contact your insurer to explain. It could be something you didn't immediately recognize or it could be identity theft. You have the right to know.
7. Report any suspected fraud.
Notify your insurer if you detect that your medical identity has been stolen and alert your health care providers. Use the accounting of disclosures report to contact every party who received your personal health information and inform them that your data was breached.
If you suspect Medicare fraud, report it to the Department of Health & Human Services Office of Inspector General. Place a fraud alert with Equifax, Experian and TransUnion; file a police report and file a medical identity theft complaint with the FTC.
Ask your health care providers to correct your medical records, but be advised that this can be difficult to accomplish. The Coalition Against Insurance Fraud states that “federal law permits patients to correct medical records created only by the medical provider or insurer that now maintains your information.” Hospitals or insurers who later obtain your information are not required by law to make any corrections. If your request for correction is denied, demand that your record includes a statement to the effect that you do not agree with the documentation that is in your record.
Vigilance — your ounce of prevention
Stopping medical ID theft isn't only on you, the consumer. The Smart Card Alliance, a non-profit multi-industry association, asserts “the way to stop medical identity theft … is to improve patient identification and provide enhanced data protection.”
In the future, enhanced technologies may protect us. Technology consulting firm Booz Allen Hamilton predicts: “Technology solutions such as biometrics, smart cards, or electronic patient records may be able to assist providers in verifying patients' identities based on past histories, demographics or facial photographs,” but until the future becomes the present, stay aware.
Have you had any experience with medical identity theft? How did you handle it? Tell us in the comments below.