How to Prevent Medical Identification Theft
Be aggressive about checking your credit and medical records, and hold your healthcare providers accountable for safeguarding your health information.
While you’re probably more worried about who might be using your credit cards, your medical identity might be stolen from right under your nose.
Millions of people — more than 40 million in one recent year — are affected by dishonest employees or hackers who get into medical records. For example, one breach exposed records for 3.5 million people — the birth dates, Social Security numbers, insurance and other financial information, and names and addresses of seven years’ worth of applicants and enrollees at Florida Healthy Kids Corp.
YOU MIGHT ALSO LIKE: What Is an Electronic Health Record?
How your medical information can be stolen
Medical organizations are uniquely unprepared for cyber threats, as the world learned when a ransomware attack took down the United Kingdom’s National Health Service.
The criminals can use your identity to get healthcare, including prescription drugs, or insurance payouts.
Sometimes they obtain your information because you trusted them. Family members, caregivers, and healthcare providers or pharmacy staff can commit medical identify theft. In one study, sponsored by the Medical Identity Fraud Alliance, 24 percent of the victims said that the perpetrator was a family member.
The criminal might sell your profile online, earning as much as $1,000, compared to $1 for a Social Security number and $5 to $30 for a credit card, reports consumer credit rating agency Experian.
In some cases, the fraud involves deliberate errors placed in existing medical records, which can stay there for years.
Fixing a problem is difficult
Solving medical identify theft is complicated and time-consuming. For all the cases resolved, many more aren’t, meaning that potentially devastating information is floating around out there.
It’s also expensive. Although federal law limits liability for fraudulent credit card charges, you aren’t protected when your medical data is used. In the Alliance study above, most of the victims had to pay $13,500, on average, to resolve the problem. Those costs might include legal fees or payments to defrauded medical providers and insurers.
Victims typically learned about the theft more than three months after the crime. It took, on average, more than 200 hours of effort to clean things up, the study found.
Many victims live with bad credit caused by phony bills and have to fend off aggressive debt collectors. Some have faced prosecution when the fraudsters stockpiled prescription drugs.
That all makes it worth being acutely aware of how your medical identify is being protected. Or if it’s being protected.
Here are several warning signs, courtesy of the AARP:
- You receive a bill for medical services you didn’t receive.
- A debt collector calls about a medical debt you don’t recognize.
- Your credit report includes healthcare debts you don’t understand.
- An explanation of benefits (EOB) from your insurer or a Medicare Summary Notice includes office visits you didn’t make or treatment you didn’t receive.
- You unexpectedly find out you’ve maxed out on a covered insurance benefit — for example, physical therapy visits — and discover treatment or services you did not get.
- Someone asks in a call or email for your Medicare or insurance number as part of a healthcare “survey” or offer of free medical products or services.
How to prevent medical identification theft
- Shred insurance forms or any other paperwork with medical information. Keep electronic copies of such records secure.
- Review EOBs, bills, and other correspondence from insurers and medical providers. When you don’t recognize a name or treatment date, notify your insurer immediately.
- Check your online insurance records at the end of each year or twice a year.
- Monitor your credit reports.
- If you’re concerned, act quickly to correct mistakes. Healthcare providers are obligated to give you records.
- File a police report, and give copies to your medical providers, insurers, and the credit bureaus. It can help protect you if an identity thief starts using your information for fraud.
- Ignore offers of free health services or products if you’re asked for insurance information.
- Don’t provide medical or insurance information over the phone or in an email unless you started the exchange.
- Don’t give medical or personal information in response to an unsolicited call or email from someone who claims to be from Medicare. A Medicare representative will call only if you initiated contact.
- Don’t answer questions from a caller who says he or she is conducting a health survey and needs your Medicare or insurance number.
- Don’t give your insurance information to a family member or friend, even if it’s to help them get treatment. Whatever the intent, it’s considered fraud against medical providers and insurers.
It’s worth the effort to monitor your health records closely, addressing any errors quickly. Share personal and health insurance information only when necessary. In addition, you should pay close attention to any EOBs from insurers and get an annual summary of all benefits paid.
You should also contact your insurer or provider about charges for care you didn’t receive, even when there is no money involved. Keep copies of all your healthcare records.
Updated:  
June 13, 2023
Reviewed By:  
Janet O’Dell, RN