**Updated July 12, 2019**
While the first principle in healthcare is “Do No Harm,” the same motto hasn’t been applied to how the personal information of those receiving care is protected. With a surge of data breaches, specifically in the healthcare sector, it’s critical that individuals and their employers acknowledge the risk of having their medical information fraudulently used by cybercriminals.
Few have heard of medical identity theft and even fewer understand its impact and warning signs. It is the most expensive, time-consuming and fastest growing form of identity theft in the U.S. And most notably, this complex crime comes with some rather deadly consequences.
What is Medical Identity Theft?
Medical identity theft occurs when a criminal uses an individual’s personally identifiable information (PII) or insurance information to receive medical attention or prescription drugs. It can create catastrophic financial, medical and legal consequences for victims — including unpaid medical bills and convoluted medical histories.
Unlike credit card fraud victims, who are legally protected for losses over $50, medical identity theft victims have no overarching legal protection or right to recover their losses. It can cost an individual up to $13,500 to pay off fraudulent medical charges.
The Federal Trade Commission recorded 13,833 reports of medical services fraud in 2018, an 103% increase from 2017. The growth stems from a “perfect storm” surrounding the hacking of medical information and lack of confirmation of patient identification.
How Does Medical ID Theft Happen?
With the prominence of electronic medical records and poor data security practices, the healthcare sector is uniquely vulnerable to data breaches, especially large-scale hacks. The Identity Theft Resource Center research found the industry had the highest rate of exposure per breach and the second largest amount of breaches and in 2018 – with 9,927,798 records exposed.
These stolen records are sold and traded on the online black market. Medical data is one of the highest-valued pieces of PII on the black market. With the recent surge in supply from large-scale healthcare hacks such as Quest Diagnostics, LabCorp, and Inmediata Health Group, bad actors are itching to make a profit and selling patient information at a discount.
Once information is obtained, criminals simply present your personal information at the time of treatment. Unless photo identification is checked, they are assumed to be you and are granted medical care at your expense.
While detection takes many forms, most victims discover medical identity theft upon receiving an unfamiliar medical bill. If the insured individuals notice something suspicious, they should contact the appropriate parties, including the police and Federal Trade Commission, to begin resolution.
Individuals should consider the following signs as red flags for medical identity theft:
- Inexplicably denied health insurance benefits
- Medical benefits that suddenly exceed annual insurance policy limits
- Unfamiliar prescriptions obtained in their name
- Another person’s information on their medical file
- A doctor questioning them about a visit they have no knowledge of
- Being contacted by an insurance provider about a bill for an unknown medical treatment
- Receiving an invoice for medical services they never received
How to Prevent Medical Identity Theft
A few simple tactics can make a world of difference. Consider the following information to be “Doctor’s orders”:
Protecting your medical identity theft takes a keen eye and proactive approach. Keep all personal and medical documents securely stored and be wary when providing such information online or over the phone. Frequently review your Explanation of Benefits (EOBs), credit report and medical records for signs of unfamiliar activity.
For Benefits Professionals
You play a vital role in the prevention of medical identity theft. Securely store employee information, especially health insurance data, and follow company-wide data security practices. Educate employees about the risks, especially in relation to open enrollment. Always communicate when and how employees will be receiving insurance information so they can better anticipate scams.