With ordinary identity theft, someone impersonates you for personal gain. Medical identity theft means that someone is using your information for a very specific kind of personal gain: medical treatment. Nearly 43,000 cases of medical identity theft were reported to the Federal Trade Commission in 2021.
Like ordinary identity theft, medical identity theft is emotionally stressful to the victims and takes time and patience to fix. Sometimes the fallout is truly dire: One retiree spent eight years clearing up her arrest for fraudulent opioid purchases made by thieves using her personal information and health insurance card, according to Consumer Reports.
If it goes unnoticed, medical identity theft can leave you on the hook for medical bills and hurt your credit score due to healthcare providers turning “your” unpaid bills over to collections. And in extreme cases, medical identity theft can threaten your life.
For example, suppose a crook heads to the emergency room for care, creating a file in your name. Should you visit that same ER later on, the wrong information could seriously affect the care you receive.
Here’s what you need to know so you can protect yourself, your finances and your peace of mind.
How medical identity theft works
Medical identity theft can happen when someone steals your personal information—such as your name, Social Security number, health insurance account, Medicare or Medicaid number—and uses it to get medical care, buy prescription drugs, buy medical devices or submit claims with your insurance provider.
Thieves can get your personal information in a variety of ways: through data breaches, a lost or stolen wallet, or even from your medical records at your doctor’s office. In some cases, medical professionals submit false insurance claims using patients’ personal information.
Signs of medical identity theft
It’s important to keep an eye out for signs that someone is using your medical information. Look for these indicators:
- You see mistakes in an insurance Explanation of Benefits (EOB) statement, such as coverage for a treatment you didn’t have or a piece of medical equipment you never got.
- You’re sent a bill for medical services you didn’t receive.
- Your credit report shows unpaid medical debt.
- Your health insurance company denies coverage because you’ve exceeded an annual limit—even though you know you’re not close to reaching your limit.
- A debt collector calls, claiming you have unpaid medical bills.
[ Find Out: 10 Signs You’re a Victim of Fraud or Identity Theft ]
What to do if medical identity theft happens
Unfortunately, there’s no central location for your medical records. The FTC advises to get copies of your records from every provider you use: doctors, clinics, the hospital, laboratories and pharmacies. (Note: In some cases you might have to pay for copying and mailing costs.)
Next, review all those records for instances of fraud. Point out each one to medical providers, and ask that these be either deleted or corrected. Include copies (not originals) of any documentation that supports your claim.
You need to do this in writing. The FTC suggests using certified mail or some other method that lets you confirm that the information was received. The medical providers have 30 days to respond, and they are required to notify anyone else who might have this incorrect information.
[ Read: What to Do When Your Identity is Stolen ]
Does HIPAA apply in this case?
One provision of the Health Insurance Portability and Privacy Act (HIPAA) is that consumers are entitled to copies of their health records from providers and insurers. If you learn that a thief used your identity to get treatment, you have the legal right to ask for copies of the medical and billing records.
Some medical providers mistakenly believe that they can’t give copies of records if medical fraud has occurred, on the grounds that the care was for someone else. This is not true, according to the FTC. You absolutely have the right to access your records.
Consider asking for an “accounting of disclosures”
You have the right to ask for one of these every 12 months. Medical providers keep track of how a patient’s information is passed along to other entities, such as another medical provider or your insurance company.
This accounting might provide clues as to how your information was stolen, such as a misdirected fax. If this is the case, you are allowed to file a complaint about this violation of privacy with the U.S. Department of Health and Human Services’ Office for Civil Rights, at www.hhs.gov/ocr.
Check your credit, too
Order free credit reports from the three major bureaus through AnnualCreditReport.com or by phone at 1-877-322-8228. Look them over for any medical billing errors or medical debt collection notices. If you find any, report them to all three bureaus. See the “What To Do Next” section of IdentityTheft.gov for instructions on how to do this.
Also, consider freezing your credit reports. This keeps the medical identity thief from opening new accounts in your name. (Note: If you want to open a new line of credit later, you’ll need to lift the freeze to do so.) You must do this with all three bureaus:
Reporting medical identity theft
Alert your health insurance provider to any fraudulent claims that have been filed using your information. If crooks have used your Medicare information, you must contact the Medicare fraud office.
You should also report medical identity theft to the FTC by phone at 1-877-438-4338 or through IdentityTheft.gov. If you do this online, you’ll get an Identity Theft Report to include in your documentation. The website gives you the option of creating an account, which tracks and updates your progress as you handle the aftereffects of the fraud.
How to prevent medical identity theft
You’d never be careless with a credit card, right? Well, your health insurance card or Medicare card basically are credit cards, with very high limits. Think of them that way, and use the following tactics to protect yourself.
Guard your card
Never give your Medicare or health insurance card or card numbers to anyone except a healthcare provider or your insurance company.
Read your mail
If you have a lot of healthcare providers, keeping track of Explanation of Benefits statements can be time-consuming and maybe a little confusing. But it’s essential that you match the care you actually received with the care they claimed you received.
Read each EOB as it comes in. If it doesn’t look right, contact the provider immediately. While it’s possible you were simply confused by medical jargon, it’s also possible that someone else is using your benefits.
Don’t be fooled
Bogus “healthcare companies” may offer free medical treatment, gifts or even cash if you sign up with your Medicare information. “Representatives” of these companies may try to drum up business door-to-door, or in places like medical waiting rooms.
Never share your Medicare card with anyone except your physician or some other legitimate healthcare provider.
Be wary of phone calls
If a caller claims to be conducting a survey and asks for your Medicare number, hang up. Don’t join a Medicare plan (including drug plans) over the phone unless you were the one who initiated the call.
Medicare representatives don’t make cold calls, never try to sell you something and will not knock on your door. Only two exceptions exist:
- You called Medicare to ask for help and left a message, or you spoke to a customer service representative who said someone would call you back.
- You already have a Medicare health or drug plan. In this case, you might also hear from the agent who helped you sign up. But in this case, there would be no need for someone to ask for your personal contact information. They already have it.
Privacy is paramount
Store all Medicare documents, EOBs, healthcare bills and any piece of paper with medical information in a safe place. This is especially important if you have people come in to do repairs, clean or help with personal care.
When it’s time to toss sensitive documents, shred them first. And before throwing away or recycling prescription bottles, use a dark marker to cover medical and personal information.
If you have a non-locking mailbox, be sure to pick up the mail as soon as it’s delivered. Sometimes thieves steal mail in order to steal identities. Consider going paperless for EOBs and medical billing.
The bottom line
Medical identity theft doesn’t just affect your peace of mind. It can be costly, can hurt your credit score and possibly threaten your life. Make every effort to guard your personal information, and read all medical billing to make sure you’re not being ripped off.
And if you find that crooks have compromised your identity? Use the steps noted above to report—and halt—the fraud.
[ Keep Reading: How Seniors Can Protect Their Credit and Identity ]