You surely know about the dangers of identity theft, where someone who has obtained some of your personal information, such as your Social Security number, uses that to get money (often yours) or credit. It can cause massive headaches, at the very least. There’s not just a single kind of identity theft, though. There’s one kind in particular that has been happening more often lately. You probably don’t know about it and you definitely should. It’s medical identity theft.
The Federal Trade Commission has warned consumers about this growing danger, explaining medical identity theft thusly: “A thief may use your name or health insurance numbers to see a doctor, get prescription drugs, file claims with your insurance provider, or get other care. If the thief’s health information is mixed with yours, your treatment, insurance and payment records, and credit report may be affected.”
A growing problem
Here’s how much of a growing problem medical identity theft is: There’s a Medical Identity Fraud Alliance, or MIFA. And it has studied the matter, estimating that 2.3 million Americans were victimized by it in 2014, up almost 22% over 2013. That’s a lot of people — and a fast growth rate. Worse, along with the Ponemon Institute, MIFA has surveyed Americans, finding that among victims of medical identity theft, 65%, about two-thirds, ended up spending an average of $13,500 to straighten matters out. Victims also lost a lot of time — an average of about 200 hours spent trying to resolve their cases. Can it get any worse than that? Yup, it can: the folks at MIFA found that only 10% of those surveyed reached a “completely satisfactory conclusion of the incident.” And while about a fifth of victims suffered a decrease in their credit score, almost a third lost their health insurance.
Part of the problem likely stems from cyberattacks and security breaches at major corporations, when thousands or millions of people’s data is stolen in one fell swoop. That happened recently at America’s second-largest health insurer, Anthem, for example, and even more recently at Premera Blue Cross, based in Washington State. Premera Blue Cross’ breach is believed to affect 11 million members, and a Reuters report has explained that “the attackers may have gained access to claims data, including clinical information, along with banking account numbers, Social Security numbers, birth dates and other personal data in an attack that began in May 2014 and was uncovered on Jan. 29 of this year.” See some potential problems? Right. (Anthem believes that medical information was not stolen in its breach that affected close to 80 million people.)
What to do
Fortunately, if you’re now quivering in fear, worrying about being victimized, know that you’re not completely powerless. There are some steps you can take to reduce your chances of falling prey:
Check your credit reports regularly for any strange unpaid bills that an identity thief might have generated. You’re entitled to one free copy of your credit report each year from each of the three main reporting bureaus, and you can access those at AnnualCreditReport.com. To be strategic about it, you might space out your three annual copies, requesting one every four months, so that you’re getting information more regularly than once a year.
It also helps to know your Health Insurance Portability and Accountability Act rights and to ask your healthcare providers if you can see your electronic health records, to check for errors — especially if you know or suspect that you’ve been victimized. Read your explanation-of-benefits statements from providers, too, to check for any fraudulent charges. Know that you can ask health plans and medical providers for an “accounting of disclosures,” too, which is a listing of who has received your records and what information they received. You should, by law, be able to get one copy per year from each provider.
Don’t give out your personal information to friends or family members so that they can access some medical care. The data from MIFA shows that about a quarter of victims had given identifying information to a friend or family member.
Be on the lookout for scams, such as if someone claims to work for a healthcare company and offers you some services for free or for a too-good-to-be-true price, requiring your Social Security number or other personal data.
If you find that you’ve been victimized — and it can take several months for someone to notice, perhaps after receiving an unexpected bill or a collections notice — report it. Many people don’t report medical identity theft. Reasons include being embarrassed (such as if they gave their information to a trusted person) or not knowing where to report it. You can report problems to your health care provider, your insurer, and federal and state authorities. You can also contact your local police department, your state Attorney General’s office, and the Department of Health and Human Services.
Medical identity theft is a scary scam, but by taking certain steps, you may be able to either avoid it or minimize its damage, should it happen to you.