When 43 percent of all identity theft cases use the same basic scheme, you might think it would be a top-of-mind concern for consumers. Unfortunately it’s quite the opposite.
Few have heard of medical identity theft and even fewer understand its impact and warning signs. It is the most expensive, time-consuming and fastest growing form of identity theft in the U.S. And most notably, this complex crime comes with some rather deadly consequences.
What is Medical Identity Theft?
Medical identity theft occurs when a criminal uses an individual’s personally identifiable information (PII) or insurance information to receive medical attention or prescription drugs in their name. It can create catastrophic financial, medical and legal consequences for victims — including unpaid medical bills and convoluted medical histories (including mismatched blood types, drug allergies, etc.)
Unlike credit card fraud victims, who are legally protected for losses over $50, medical identity theft victims have no overarching legal protection or right to recover their losses. On average, medical identity theft victims spend 200 hours and $13,450 out of their own pockets to resolve the crime.
Approximately 2.3 million Americans were victims of medical identity theft in 2014. This figure rose by 21.7 percent from the previous year, and is projected to continue to grow. The growth stems from a “perfect storm” surrounding medical identity theft, that’s making everything relatively easy for criminals to get away with.
How Does Medical ID Theft Happen?
With the prominence of electronic medical records and poor data security practices, the healthcare sector is uniquely vulnerable to data breaches, especially large-scale hacks. As of 2016, the medical sector had 15 million records exposed in data breaches (that’s nearly half of all types of leaked records.)
These stolen records are sold and traded on the online black market. Medical data is one of the highest-valued pieces of PII on the black market; however, with the recent surge in supply from large-scale healthcare hacks (e.g. Anthem, CareFirst and Premera), this type of data is currently selling at historic lows, with prices being slashed by nearly half.
Once information is obtained, criminals simply present your personal information at the time of treatment. Unless photo identification is checked, they are assumed to be you. (There are no laws requiring photo ID be checked.)
While detection takes many forms, most victims discover medical identity theft upon receiving an unfamiliar medical bill. If the insured individuals notice something suspicious, they should contact the appropriate parties, including the police and Federal Trade Commission, to begin resolution.
What insured individuals should look out for:
- Inexplicably denied health insurance benefits
- Medical benefits that suddenly exceed annual insurance policy limits
- Unfamiliar prescriptions obtained in their name
- Another person’s information on their medical file
- A doctor questioning them about a visit they have no knowledge of
- Being contacted by an insurance provider about a bill for an unknown medical treatment
- Receiving an invoice for medical services they never received
How to Prevent Medical Identity Theft
A few simple tactics can make a world of difference. Consider the following information doctor’s orders…
Preventing medical identity theft takes a keen eye and proactive approach. Keep all medical information securely stored and be wary when providing such information online or over the phone. Frequently review your Explanation of Benefits (EOBs), credit report and medical records for signs of unfamiliar activity.
For Benefits Professionals
You play a vital role in the prevention of medical identity theft. Securely store employee information, especially health insurance data, and follow company-wide data security practices. Educate employees about the risks, especially in relation to open enrollment. Always communicate when and how employees will be receiving insurance information so they can better anticipate scams.