Avoiding Medical Identity Theft

Like financial identity theft, medical identity theft can leave you responsible for bills you did not incur. But unlike other types of identity theft, it can also affect your medical records, jeopardizing your health. It could even jeopardize your health insurance coverage.


Medical identity theft occurs when another person uses your identity or insurance information to obtain medical services. Since the U.S. Department of Health and Human Services started keeping records in 2009, between 27.8 and 67.7 million Americans have had their medical records breached. By 2013, medical identity theft accounted for nearly half (43 percent) of all reported identity thefts in the U.S., according to the Identity Theft Resource Center.

Victims of medical identity theft do not have the same rights and recourse as the victims of financial identity theft. Federal law limits liability for unauthorized credit card charges to $50, while your liability for unauthorized use of an ATM or debit card depends on how quickly you report the loss. But when your medical identity is stolen, no law limits your financial liability. If you discover fraudulent charges, you must clear your records and prove that the charges are not yours; until you do so, any bills remain your responsibility.

A study by the Ponemon Institute found that more than half of medical identity theft victims had to pay for medical care they didn’t receive to restore their health coverage — more than $22,000, on average. Fraud caused nearly half the victims to lose their health coverage, while one-third saw their premiums rise after the incident. Fewer than 10 percent were able to completely resolve the problem.

The Federal Trade Commission (www. ftc.gov) recommends the following steps to prevent medical identity theft:

Don’t give out personal or medical information on the phone or through the mail unless you’ve initiated the contact and you know who you’re dealing with. Medical identity thieves may pose as employees of insurance companies, doctors’ offices, clinics, pharmacies, and even government agencies.

If you keep copies of your medical or health insurance records, make sure they’re secure, whether they’re on paper or online. If you are asked to share sensitive personal information like your Social Security number, insurance account information or any details of health or medical conditions on the Internet, ask why it’s needed, how it will be kept safe, and whether it will be shared.

Read website privacy policies: They should specify how site operators maintain the accuracy of the personal information they collect, as well as how they secure it, who has access to it, how they will use the information you provide, and whether they will share it with third parties. If you decide to share your information online, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL that begins “https.” Remember that email is not secure.

Treat your trash carefully. Shred your health insurance forms and prescription and physician statements. It’s also a good idea to destroy the labels on your prescription bottles and packages before you throw them out.

Read any “Explanation of Benefits” you receive from public or private health insurers. If anything appears wrong, ask the insurer or provider.

Monitor your credit reports with the nationwide credit reporting companies — Equifax, Experian, and TransUnion — to identify reports of medical debts. If you discover medical identity theft, HIPAA, the Health Insurance Portability and Accountability Act, gives you the right to receive a copy of your health records and make any corrections. It also allows you to receive a notice that tells you how your health information may be used and shared, and a report on when and why your health information was shared for certain purposes.

For more information on protecting your identity, both medical and financial, please contact us.