I’m often advising others on medical identity theft. (May I add— more than I would like.) They for some reason equate my enterprise security career with protecting their personal health information (PHI). Timely detection is critical for thwarting medical identity theft. To do so, act immediately if you suspect someone spoofed your medical identity.
Medical identity theft occurs when your PHI is used without your consent. It can add erroneous information to your medical records. Along with PHI, your medical records include personal and financial information, like your Social Security and credit card numbers.
When Your Medical Identity Is Stolen
The first sign of medical identity theft often comes in a bill for medical services you did not receive. Sometimes a bill collector calls about a medical debt that’s not yours. Other signs include unfamiliar medical collection notices on your credit report and misinformation in your medical records.
Inadvertently, medical privacy regulations, like the Health Insurance Portability and Accountability Act (HIPAA), can assist an identity thief. For this reason, be prepared when you call insurers and health care providers. You’ll need proof of your identity along with documentation of your medical identity theft.
Each month when you receive your benefits statements, search for unusual activity. Contact your insurer and each health care provider where you think your identity was spoofed. As best you can, determine the information used by the fraudster. Then, send all documentation regarding what happened to the agencies involved.
Next, you’ll need to straighten out your medical records. Start by identifying where your records were sent by contacting each provider with misinformation. Send each a written request telling them to correct your medical records and include supporting information.
Finally, report what happened to the Federal Trade Commission and the police. Contact credit reporting agencies, like Equifax and Experian to alert them. When using postal services, send documents via email too. Notify the parties that the documents are on the way and ask them to confirm when they arrive.
Detecting Medical Identity Theft
On average people learn of medical identity theft three months after the fact. To detect medical identity theft, follow these guidelines:
- Monitor your health records regularly and maintain copies.
- Obtain summaries of the benefits you receive and pay for.
- Ask questions and address errors as soon as you see them.
- Share personal and health information with providers you contact.
- Never respond to email for "free" medical services or treatments.
- Safeguard insurance cards similar to credit cards.
- Monitor reports credit reports for unusual medical debts.
- Shred outdated medical documents including prescription labels.
- Never use your Social Security Number as a medical record number.
- Contact insurers and providers about care that was not received, even when not charged.
Medical Identity Theft Prognosis
Medical identity theft is costly, time consuming, and potentially physically dangerous. On average, medical identity theft takes over a year to resolve and cost between $13,500 and $22,000 per victim. On the “dark web”, a cyber criminal marketplace, medical records sell for ten times more than credit card information. As a result, the threat of medical identity theft continues to increase. Since Anthem’s cyber attack, 91% of health care organizations report experiencing a security breach. Once compromised, it’s extremely difficult to resolve fraudulent bills and tainted medical records.
This year already information security breaches in the Medical and Healthcare field are up. The Identity Theft Resource Center (ITRC) reports Medical and Healthcare security breaches increased by more than 34% compared to the same period last year. All other industries experienced a 12% increase during this time. Compounding the problem, ITRC experts predict a record increase in tax-related identity fraud due to excessive healthcare breaches exposing Social Security numbers.
If you’re waiting for your health providers and insurance carriers to secure your records, the odds are against you. Rather than asking me, speak to your doctors, insurance agents, and pharmacists about their security prognosis and your concerns.
Begin your identity management initiative by following what corporate compliance experts recommend for the workflow automation of businesses processes, self-service administration and IT operations.