Table of Contents:

What is Medical Identity Theft?

Medical Identity Theft2Medical identity theft occurs when a criminal uses your personally identifiable information (PII) and medical information to receive treatments, prescription drugs or to bill you for services you did not receive. Medical identity theft is hard to detect and even harder to repair.

Approximately 2.3 million Americans were victims of medical identity in 2014, according to a 2015 Ponemon Institute study, which is a 21.7 percent increase from the previous year. It has an extensive economic impact and is estimated to cost the country tens of billions of dollars every year. Medical identity theft accounts for 43 percent of all identity theft — making it the fasting growing form of identity theft. On average, victims spend 200 hours and $13,450 in out of pocket expenses to resolve medical identity theft.

In 2009, the Identity Theft Resource Center’s Aftermath survey had 10 percent of respondents indicate that they had some kind of medical identity theft issue. In 2013, that number more than doubled with 21.4 percent of respondents experiencing a problem.

A Crime With Deadly Consequences:

When a criminal steals your medical information, they put your life at risk. If someone poses as you to receive treatment, your medical records will become intertwined. This means you may unknowingly receive the wrong blood type should you require a transfusion, be misdiagnosed, or receive a different prescription because of fraudulent activities on your medical records.

As a result of medical identity theft, criminals can destroy your credit record and health insurance through fraudulent medical bills. With the amount of personal information they already have, it is easy for criminals to take advantage of you financially as well. Because of these fraudulent activities, many will have to endure costly and prolonged legal troubles.

How is Your Information Exposed?

Data Breaches

The U.S. Department of Health and Human Services has recorded between 27.8 million and 67.7 million people who have been affected by a breach since they began keeping records in 2009. It’s no surprise so many people have been affected; 94 percent of all health care facilities admit to experiencing some form of data breach or attempt to steal information. Breaches allow crooks to access to an abundance of personal information including your names, addresses, SSNs, medical records and more. They can then use these pieces of information to commit fraud.

Corrupt Health Care Professionals

Medical records have a large black market value and health-related employees are aware of this. Just how valuable is this information? Stolen medical information has a street value of $50 in comparison to $1 for a Social Security number.


Scammers might ask you for your insurance number of medical records, over the phone or online. They usually employ scare tactics to try to manipulate victims into giving them their information. Remain calm and only provide information to trusted providers in-person.

Employee Error/Unsecure Devices

Eighty-eight percent of organizations permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their organization’s networks or enterprise systems such as email. Most of these organizations are unaware of whether or not these devices are secure. While most healthcare facilities adhere to relaxed policies regarding this matter, 75% of healthcare organizations still believe employee negligence is their biggest security concern.

It Can Happen To You

  • A Massachusetts psychiatrist created false diagnoses of drug addiction and severe depression for people who were not his patients in order to submit medical insurance claims for psychiatric sessions that never occurred. One man discovered false diagnoses when he applied for a job. He hadn’t even been a patient.
  • A dental office employee gained access to protected information of Medicaid patients in order to illegally obtain prescription drugs.
  • A Pennsylvania man’s identity was used at five different hospitals to receive more than $100,000 in treatment. With every visit, the imposter’s medical information became increasingly intertwined with his victims.
  • A Colorado man whose Social Security number, name, and address had been stolen received a bill for $44,000 for a surgery he not undergone.

Overall, to protect yourself from medical identity theft, only provide your medical or insurance information to providers you know and trust. Always ask how they ensure that your information is protected? Don’t worry, it’s ok to ask these questions and with the dramatic increase in medical identity theft they should understand.

Warning Signs

Most victims discovered medical identity theft when the medical provider or a collection agency sought payment for services never received. Red flags are also commonly found as unfamiliar medical bills or procedures listed on your credit report, insurance benefits or Explanation of Benefits form. Another is if an insurance company denies you due to a preexisting condition that you do not have or if you’ve unexpectedly reached your benefits cap. If you experience this, take appropriate actions immediately.

How have people discovered they were a medical identity theft victim?

  • 4.4 percent were inexplicably denied health insurance benefits
  • 1.6 percent were notified that their medical benefits had exceeded the yearly limit
  • 3.8 percent had prescriptions obtained in their name that were not for them
  • 6 percent discovered another person’s information in their medical file/records
  • 4.4 percent had a doctor question them about a visit of which they had no knowledge
  • 3.3 percent had their insurance company contact or bill them for an unknown treatment
  • 19.8 percent had a medical provider, billing department or collection agency bill them for services never received

Identity Theft Resource Center’s 2013 Identity Theft Aftermath survey

Medicare and Medicaid Fraud

Medical Identity Theft 1

Medicare and Medicaid fraud is also plaguing the health care industry. Both are government-funded programs so these crimes are at taxpayers’ expense. The FBI estimates that Medicare fraud cost taxpayers $17 to 57 billion in 2011.

The Medicare program is a common target for fraud because it’s based on the “honor system.” Doctors are trusted to only bill Medicare the appropriate amounts for needy patients’ services, this is not always the case.

Types of Medicare Fraud:

  1. Phantom Billing: medical providers bill Medicare for fake or unnecessary procedures, medical tests or equipment.
  2. Patient Billing: the patient is in on the scam and provides their Medicare number to the medical provider. The provider then bills Medicare for a fake or unnecessary procedure and the patient plays along when Medicare asks them about it.
  3. Upcoding scheme and unbundling: inflating bills by using a billing code that indicates the patient needs expensive procedures.

There have been major government efforts to combat fraud. In 2013, a medical fraud crackdown led to 89 arrests. Those arrested allegedly defrauded taxpayers out of more than $233 million. But even with crackdowns, new Medicare scams are still emerging.

Want to make a difference in your community? Become a Senior Medicare Patroller with the Department of Aging in your state. Volunteers are trained to identify and report health care fraud. The program is a great way to get involved and make a difference in your community.

Scam Alert: Medical Discount Plans

Interested in obtaining health insurance? Then steer clear of medical discount plans. Medical discount plans are not health insurance or a substitute for health insurance. In many instances, they turn out to be flat-out scams.

Medical discount plans do not pay for health care costs; instead, they just give you a list of providers and sellers who may be willing to offer “discounts” on some of their products or services. The FTC has launched “Operation Health Care Hustle” in hopes of thwarting these deceptive plans.

Warning signs of a medical discount plan:

  1. Promises of specific discounts:
    A phrase like “up to 70% off” is a dead giveaway that something isn’t quite right. Insurance plans will provide you with coverage and copay information, not percentage discounts.
  2. Check with your doctor first:
    Some health care plans say they work with your local healthcare provider but don’t. Double-check with your local provider if you are interested in signing up for a discount plan.
  3. Time-sensitive offers:
    Don’t feel pressured to buy now. Legitimate insurers will give you time to think about what plan best meets your needs.
  4. Requests for personal information:
    Identity thieves may utilize phony medical discount-plan schemes to gather PII. Don’t give personal information over the phone or to an untrusted source. Always verify a potential provider with your state insurance department, your state’s Attorney General and your local Better Business Bureau.

The Future of Medical Identity Theft?

Medical Identity Theft 3In short ­— it’s only going to grow. A priority of the Affordable Care Act is to fully integrate the use of electronic health records. This shift away from hard copy files will leave records vulnerable to hacking. The Affordable Care Act also revoked insurance caps (limits on the number of insurance benefits you could receive). Reaching your insurance caps used to be a key signaler of fraud.

Fraudsters also see the changing landscape of the health care industry as a new and lucrative opportunity. The FTC warns that scammers may be posing as AFA representatives in order to obtain PII to commit identity theft. Only use to shop in the Health Insurance Marketplace. If you need additional assistance, contact them directly. AFA officials will never ask you for money or try to persuade you to purchase a particular plan.

Currently, there is no protection similar to what the Federal Credit Reporting Act gives victims of financial/credit fraud. The Health Insurance Portability and Accountability Act (HIPAA) is the only legislature that gives you the right to access your medical information. They also mandate entities must alert the government of a breach if it affects more than 500 people. However, the enforcement belongs to the federal government, not you, and the damage awards go to them as well.

Some healthcare providers are taking precautionary measures by requiring picture ID along with insurance information before seeing a patient. If your provider does not already have this practice in place let them know it is something you care about. Speaking up saves lives.

How To Protect Yourself:

  1. Keep Files Secure: Store copies of medical records MedicalIdentityTheft4and insurance cards in a secure place. Never provide medical information over the phone or by email and always shred outdated information.

  2. Always Ask Your Doctor to Explain the Reasons for Services: Corrupt doctors may try to bill you unnecessary or overpriced/more expensive services to collect fraudulent insurance or Medicare benefits.

  3. After Care, Examine Your Explanation of Benefits for Accuracy: Your health insurer will send you this form that includes a historical list of treatments. More than 50% of medical identity theft victims discovered the fraud event by finding unfamiliar services listed in their Explanation of Benefits. Notify your provider if you see any that you did not receive. Learn how to read an Explanation of Benefits form here.
  4. Beware of “Free” Medical Services: Medical identity theft is no different than others; fraudsters often prey on victims with scams that appear “too-good-to-be-true.”
  5. Monitor Your Insurance Benefits: Once a year you should request a list of benefits paid under your policy from your insurer.
  6. Monitor Your Credit Report: Unpaid medical bills could affect your credit.
  7. Report Lost or Stolen Insurance Cards: Report missing medical cards to your insurance provider immediately.
  8. Review Your Medical Records with Your Doctor or Receive Copies Yearly: You may receive copies of your medical records by completing a request form from your provider and pay any copying fees. If you do not receive your records within 30 days, you may make a complaint with the U.S. Department of Health and Human Services. Make sure to request copies from each of your providers: physician, hospital, insurance companies, medical labs, and specialty care facilities.

Repairing Medical Identity Theft:

  1. File a police report
  2. Send your insurance and medical providers a copy of the police report:
    Tell them that you want to have your medical records cleared of any incorrect information. You are allotted this right under the Health Insurance Portability and Accountability Act (HIPAA).
  3. Place a fraud alert on your credit report:
    Place a fraud alert on your credit report through the three major credit bureaus: Equifax, TransUnion, and Experian.
  4. File a medical identity theft fraud complaint:
    A complaint may be filed with the Federal Trade Commission or by calling the ID Theft Hotline 1-877-IDTHEFT (438-4338). When you visit their complaint page click on identity theft and select “other.”
  5. Call the Medicare Center
    If you were a victim of Medicare Fraud contact 1-800-MEDICARE to report it