If you’re like most people, you’re probably aware of the concept of identity theft. A criminal gets access to enough of your personal information to pretend to be you. They use that information to open new credit cards, get new loans, or even buy a new car or house in your name. Since it’s in your name, you’re stuck with the bill. The financial impact can be horrible, and the recovery process can be long, complicated, and frustrating. But with most identity theft, the impact is purely financial. But that’s not the case with medical identity theft.
In addition to financial consequences, this type of identity theft can affect your medical care and put your health at risk. Even worse, many people don’t know anything about it. And if you don’t know it’s a possibility, you may not realize it’s happened until the consequences start affecting you.
What is Medical Identity Theft?
In regular identity theft, the thief uses your information to pretend to be you to get credit cards or loans in your name. In medical identity theft, the principle is the same, but the benefits are different. What makes it unique is that in this case, the thief uses your information to pretend to be you while getting medical care. By doing this, they can use your health insurance benefits and the final bill goes to you. Essentially, they get whatever medical care they want or need on your dime.
The Consequences of Medical Identity Theft
Some of the consequences of medical identity theft are similar to what you see in regular identity theft. Fraudulent bills in your name can lead to financial stress. If the bills go to collections, it could damage your credit report.
However, because it affects your health insurance and medical records, it can also have consequences in your ability to get medical care – or even endanger your life. If the thief uses too many of your insurance benefits, you may find yourself without coverage for a future situation. You could get denied care at a medical establishment because of the thief’s actions. Your health insurance premiums could go up or even denied coverage altogether.
It could also have legal consequences. In some cases of medical identity theft, the thief has used the victim’s identity to obtain large amounts of controlled substances through prescriptions. If anyone catches on, they could report the thief – and the information attached to the activity is yours. You could end up arrested or worse.
If the thief’s medical information gets combined with yours and causes your records to become inaccurate, that could have dangerous, even deadly consequences. For example, if the thief’s blood type is entered into your medical record and you need a blood transfusion, you could receive the wrong type of blood, which could be fatal. Or you could receive an inaccurate diagnosis and get treated for the wrong thing because of inaccuracies in your medical records.
How Identity Thieves Get Your Information
Medical identity theft requires the thief to get their hands on two different types of information. First is identifying information about you. Often your name, birthday, and address are enough, but some will go after your social security number as well. Second, in order to fraudulently use your health insurance benefits, they need to get your insurance information.
There are several ways a hopeful thief can get this information. They could use social engineering on either you or your medical provider. People often don’t consider their health insurance information to be extremely confidential. Many of us wouldn’t think twice about “verifying” our identity and insurance information if the caller claimed to be with your doctor’s office.
Another way identity thieves could get your information is through data breaches. Hackers target medical institutions and health insurance companies just as much as they target other types of companies. They may also go after doctor’s offices and other practices to get the data. Sometimes the criminals will try to get the information themselves, but much more often they will buy it from the person who actually accessed the data.
Finally, and least commonly, they could get the information from ordinary theft in the physical world. If they steal your purse or wallet that has your ID and your insurance card, that’s all the information they need. Or they could steal a piece of mail from your insurance company. That will give them most of what they need to steal your identity for medical purposes.
How to Find Out if You’re a Victim
If you want to find out if a criminal opened a new credit card or took out a loan in your name, you can check your credit report. Everyone is entitled to a free copy of their credit report once a year, and there are apps out there that allow constant monitoring. But there isn’t a credit report for medical care. Unfortunately, watching for medical identity theft isn’t as easy as reviewing a credit report or checking an app. But there are a few steps you can take to spot when it happens.
Read Your Explanation of Benefits
Every time you or anyone on your health insurance plan get medical care, your insurance company will send you a document called an “Explanation of Benefits,” sometimes shortened to “EOB.” This is a list of all the care that was provided and how much your insurance covered. You may get these statements in the mail or digitally on your insurance provider’s website.
When you get these statements, go over them carefully. Watch for care listed that you or someone else covered by your plan didn’t receive, or care received at provider you’ve never been to. It may be an indication that someone at your provider’s office put in the wrong billing code, or your insurance got something wrong. Or it may be a sign that you’re a victim of medical identity theft. Either way, it bears investigating. Contact your provider immediately.
Watch for Suspicious Bills
Every time you get a medical bill, read it over carefully. Confirm that it’s for a service you, someone in your household, or someone on your health insurance plan actually received. If you are getting bills for services you never received, that’s an indication that something is wrong. Either the provider has made a major error in their billing or you are a victim of medical identity theft. Regardless of the cause, it’s time to call the provider and dispute the bill.
Check Your Medical Records
Ask your medical providers for a complete copy of your medical records. Under HIPAA regulations, you are entitled to a copy of your records. Some providers require a written request, so ask how you should request this access. Once you have the records, go through them thoroughly. Look for anything that’s not correct or accurate.
Just because there are a few inaccuracies doesn’t necessarily mean you have been a victim of medical identity theft. It’s possible that the provider’s office may have recorded something incorrectly, or there was an administrative error, such as staff mixing up two patients with the same name. But if you find something incorrect, you should still take action. Follow the other steps in this section to check for other signs of medical identity theft. And contact your provider to request your records be corrected.
If your records are accurate, or after you have a copy with corrections and have verified that it’s correct, keep a copy somewhere safe. That will make it easier to resolve problems with your medical records if you become a victim of medical identity theft in the future.
Check Your Credit Report
Yes, it’s true that medical bills don’t generally show up on your credit report. But if any of them go to collections, that will affect your credit and you will be able to see it. You should be checking your credit report regularly anyway to watch for inaccuracies or indications of ordinary identity theft. When you do so, also check for new collections accounts regarding medical debt. Those could indicate that your were a victim of medical identity theft.
What to Do if You’re a Victim of Medical Identity Theft
If you determine you are a victim of medical identity theft, take action. Identity theft does not improve by being left alone. And if you need medical care before the situation is resolved, you may not be able to get it, or the care may be incorrect or even harmful.
First, deal with the issue that first informed you of the situation. If it was an inaccurate bill from a provider or something incorrect on your medical records, contact the provider. If it was something on an Explanation of Benefits from your insurance provider, contact your insurance. Collections accounts on your credit report can be disputed with the credit agency.
Next, report the theft to the Federal Trade Commission at identitytheft.gov. This also gives you the option to get an Identity Theft Affidavit, which is an official legal document saying you have been the victim of identity theft. This can be helpful in disputing bills and accessing resources.
Third, file fraud alerts. Contact your health insurance provider’s fraud department and explain that you have been a victim of medical identity theft. They may want a copy of your FTC report or affidavit. File fraud alerts with the three major credit reporting agencies and get copies of your credit report. And contact every medical provider, explain the situation, and ask for a copy of your current medical records. Consider filing a police report, as well. That extra documentation could help with your case.
Finally, it’s time to go through the documents. Look carefully at your credit reports and dispute any inaccuracies. Go through your medical records and report any errors.
Protect Yourself from Medical Identity Theft
Medical identity theft can be challenging to identify and frustrating to deal with. It can also have far-reaching consequences, both financial and medical. But there are steps you can take to protect your information and your medical data from thieves. A great first step is reading this article, because now you know that it can happen! Follow these next steps to reduce your chances of having your identity stolen and used to get medical care fraudulently.
Be Careful Where You Provide Your Information
Many different offices and organizations ask for personal or medical information. This could include your social security number, health insurance information, Medicare number, or health details. Whenever anyone asks, you should ask questions first. Why do they need it? Do they need it in the first place? You may find that they don’t. Some offices as for particular information because their form has a spot for it, not because they particularly need it.
If they do have a valid reason to have that information, ask more questions. How do they protect it? Will they share it? If they will, who will they share it with? If you aren’t happy with those answers, ask if there’s a way to proceed without that information. Depending on your situation, you may be able to find somewhere else that offers the same service that doesn’t require that information or has better answers for your questions.
In addition, to avoid scammers and social engineering, never give medical information to anyone who calls, emails, or texts you unexpectedly. Instead of continuing the conversation, call the organization directly from a phone number you know is genuine.
Don’t Share Medical Things on Social Media
You can never really be sure who sees what on social media, even if your privacy settings are top-notch. It’s just the nature of the sites. So you should never share medical information, such as news of an upcoming surgery or procedure, on social media. An enterprising thief can add that information to whatever else they have on you, and that makes it even easier to steal your identity.
Know What Thieves Can Use
Identity thieves can use information from a variety of places to commit medical identity theft. But they can get your information from more places than you might expect. All of your medical records, health insurance records, and all documents with any kind of medical information should be kept secure. That doesn’t just include your insurance cards. Thieves could get enough information from health insurance enrollment forms, prescriptions or prescription bottles, bills from medical providers, or statements from your health insurance company. Store all of these items somewhere secure.
Dispose Carefully
An ambitious or desperate would-be thief isn’t above snooping through your trash for information. Don’t just toss things containing medical data of any kind in the garbage. For documents, shred them before putting them in the trash. If you don’t have a shredder, see if your city or municipality has a shred day. And for things that are hard to shred, like pill bottles, peel off and destroy any identifying information if you can; if not, cover it up with a permanent marker.
Protect Your Mail
Thieves could also steal mail from your insurance company or healthcare providers out of your mailbox to get the data they need to commit their fraud. Consider turning on the Post Office’s Informed Delivery feature. That way you can see in advance if you’re getting anything from healthcare providers and insurance and get it from the mailbox as soon as possible (or know immediately that it’s missing). You could also switch to paperless communication. Documents that don’t go through your mailbox can’t be stolen from your mailbox.
Stay Alert for Signs of Medical Identity Theft
What makes medical identity theft so challenging is that it can be difficult to spot. People often aren’t even aware that their identity has been used in this way until they apply for a mortgage or a new credit card and are declined. They then find that their credit has been devastated by fraudulent medical bills sent to collections.
You can avoid this by staying alert. Review every medical bill that you get, whether in print or online. Confirm that you really got those services at that place on that day. Read your Explanation of Benefits from your insurance and make sure there’s nothing incorrect on there. Periodically get a copy of your medical records and make sure everything on it is accurate. And monitor your credit report, which will help you spot regular identity theft as well as the medical variety.
If anything unusual comes up in your monitoring, the next step is to take action. Contact the source of the inaccuracy. If it’s in your Explanation of Benefits, call your health insurance; if it’s on a bill or your medical record, call the provider. There is a chance that it’s just a mistake from the provider or your insurance. In that case, one or two calls should see it resolved. But if it’s a case of medical identity theft, catching it and dealing with it as early as possible can help reduce the effects it will have on your finances, your health, and your life.
