Medical identity theft happens when someone uses your name or insurance information to receive health care or submit fraudulent claims. Like other types of identity theft, medical identity theft can cause significant financial problems for victims. You may receive bills for expensive procedures you never had or start receiving calls from debt collectors for payments you never incurred.
According to a recent report, in 2023, the Federal Trade Commission received more than 13,000 reports of identity theft related to medical services.
There are several actions you can take to avoid medical identity theft, such as creating strong passwords, disposing of medical records properly, safeguarding your medical insurance card, and being careful about sharing your medical information with others.
Here’s what you need to know about medical identity theft and how to protect yourself:
How can medical identity theft occur?
Medical identity theft can occur due to database breaches, improper disposal of medical records, phishing scams, or theft from a healthcare provider.
If your personal information ends up in the hands of the wrong person, it could be used to buy prescriptions or someone could try to obtain medical services using your insurance.
Breached databases can expose personal medical information
With so much sensitive information stored electronically, database breaches can be catastrophic. A breach occurs when an unauthorized person gains access to a database, either physically or virtually. Once a database is breached, criminals can gain access to sensitive details that they can use to obtain medical services using the victim’s name and medical information. According to Experian, your information could later be exposed on the dark web where some medical records can be sold for large sums.
Improper disposal of sensitive medical records
Sensitive medical records contain information that criminals can use to steal your medical identity. You, your healthcare providers, and your insurance company all have copies. Although healthcare providers and insurance companies are legally required to safely dispose of all medical records, you are responsible for managing your records.
Phishing scams
If you receive an email or text message asking for medical or personal information, such as your Social Security number, it may be a phishing attempt in which a scammer claims to be from a trusted organization, such as a bank, and tries to convince you to voluntarily reveal some details. The scammer may then be able to use your insurance for medical treatment or may sell your information to third parties.
Never give your data to an unknown entity. If you receive a suspicious email or message asking you to click a link or open an attachment to update your medical or billing information, it’s probably a scam.
Internal theft by healthcare workers
Medical identity theft sometimes occurs when a healthcare provider steals sensitive medical information. While this type of crime is rare, the stolen documents could be used to file false insurance claims or the information could be sold to criminals.
One of the key goals of the Health Insurance Portability and Accountability Act (HIPAA) is to provide protection against medical identity theft. The law requires health care providers, plans, and clearinghouses to safeguard patients’ medical information.
How to Prevent Medical Identity Theft
There are several steps you can take to protect yourself from identity theft, and most of them are pretty simple. These are the most effective ways to protect yourself:
1. Protect your medical insurance cards
Your medical insurance cards contain a lot of sensitive information that criminals can use to steal your identity. Make sure you keep your insurance cards in a safe place. Other items you should protect include:
- Medical insurance enrollment forms
- Prescriptions and prescription bottle labels
- Medical expenses
- Statements on Explanation of Health Insurance Benefits (EOB).
2. Review medical claims for any inaccuracies
Get into the habit of always reviewing medical claims for any inaccuracies. They may contain early signs of identity theft, and by catching identity theft early, further damage can be prevented.
If you notice an inaccuracy in your medical statement, contact all affected healthcare providers and health insurance companies for more information. You have the right to inspect and obtain copies of your medical records. This will help you determine whether inaccurate information indicates medical identity theft.
3. Be careful about who you share medical details with
You probably don’t go around sharing financial details with acquaintances, but you might not think twice about talking about your health problems with a friend. To protect yourself from medical identity theft, be careful about discussing medical details, such as your health plan information.
4. Use strong passwords for online patient portals
Online patient portals contain your sensitive medical information, so it is vital to safeguard access to them. You can do this by choosing strong passwords that contain a combination of letters, numbers, and non-alphanumeric symbols.
Avoid using passwords that are guessable, such as those containing your date of birth or the name of a pet. Identity theft experts highly recommend using a password manager, which will help you generate and store unique logins for all your accounts. If you write down your passwords, make sure you keep them in a safe, hidden place.
5. Safely dispose of medical documents
Medical documents, such as bills or health insurance EOB statements, also contain a lot of sensitive information. When disposing of healthcare documents, do so safely using a shredder.
For healthcare providers, HIPAA establishes requirements for the secure disposal of sensitive patient information and requires training for employees who handle patient data.
How to report medical identity theft
Victims of medical identity theft must complete the following steps:
- File a report with the FTC by phone at 1-877-438-4338 or online at Identitytheft.gov.
- File a report with your local police department (and get copies).
- Contact your health care provider and your insurance company’s fraud department and share a copy of the police report.
You should also consider placing a freeze or fraud alert on your credit records. You can do this by calling each of the three major credit bureaus: Equifax, Experian, and TransUnion. You can also request a freeze online directly through the credit bureaus’ websites.
You’ve probably heard of identity theft, but it’s usually related to fraud: someone steals your personal information to gain access to your money. Medical identity theft is a lesser-known but equally dangerous threat that can jeopardize your finances and health.
Read on for a description of medical identity theft. Learn about the many ways it can occur, then get tips on how to protect yourself (and your loved ones) from medical identity theft.