Medical Identity Theft: What It Is, How It Works

What Is Medical Identity Theft?

Medical identity theft involves fraudulently using a person’s health insurance information to receive reimbursement for healthcare services provided to an individual not covered by the policy. Both patients and providers may commit fraudulent medical claims, depending on circumstances. Information can also be stolen by employees or external hackers to sell personal identifying information (PII).

Key Takeaways

• Medical identity theft is the fraudulent use of a person’s health insurance information to receive reimbursement for healthcare services.
• Fraudulent medical claims can be committed by both patients and providers, and information can be stolen by employees or external hackers.
• Insurance providers commit identity theft to obtain reimbursement for procedures not performed on the insured individual.
• Medical identity theft has similar consequences to other types of identity theft, including lowered credit ratings, denial of services, increased costs of coverage, and denial of coverage.
• Guarding your private information, monitoring credit reports, and reviewing insurance company bills can help prevent or detect medical identity theft.

Understanding Medical Identity Theft

Medical identity theft involves using insurance coverage information for one individual to obtain or pay for care for another individual. Medical organizations accounted for 30% of all observed enterprise attacks between 2006 and 2016.

Perpetrators can include hackers who use social engineering to obtain social security numbers and health insurance information from medical providers and patients. However, data loss can also occur through the theft of devices or the leaking of private information by employees.

Patient data loss from unauthorized access to databases of insurance companies or healthcare providers is similar to other types of identity theft. Employees who steal patients’ data may have motivations such as greed, revenge, or other agendas.

Use of Stolen Medical Identities

Stolen health insurance information is misused in two primary ways.

1. Consumers steal insurance information to cover benefits their insurance may not include, or because they have no insurance at all. For example, a drug trafficker might use fraudulent insurance information to purchase prescription drugs.
2. Providers may file fraudulent claims on an individual’s insurance to obtain reimbursement for procedures they never performed. They may do this to offset the cost of treating uninsured or under-insured clients.

Victims of medical identity theft can suffer similar outcomes to victims of other types of identity theft, including lowered credit ratings and denial of services. If maximum benefit thresholds are triggered on a policy, policyholders may be unable to receive timely coverage for urgent treatments. The cost of insurance may increase, or coverage may be denied altogether for fraudulent treatments related to conditions like diabetes, osteoarthritis, or cancer.

Erroneous medical records resulting from medical identity fraud can have even more significant consequences. For example, if an identity thief enters the wrong blood type into a patient’s medical records, it could endanger their life if they need a blood transfusion.

Avoiding Medical Identity Theft

The best protection against theft is constant monitoring using honeypots and other security practices. Portable storage devices should be regulated, and their use and location should be carefully recorded. Employee access to patient data should be monitored and granted based on their work responsibilities.

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare facilities in the U.S. to follow strict guidelines for handling patient data, including insurance information.

Providers who commit medical identity theft usually do so to obtain reimbursement from insurance companies or the government for services they did not provide. To detect and prevent this fraud, consumers should carefully review benefit payment explanations from their insurers. If they receive a statement for a procedure they did not receive, they should contact their insurance provider immediately.

Medical identity thieves typically need a patient’s Social Security number and medical insurance information. Therefore, consumers should guard this information and only provide it when necessary and when its security is guaranteed.

Credit Reports

Consumers should monitor their credit reports for unpaid medical bills in collections. The Fair Credit Reporting Act provides for a free credit report from each of the three credit reporting bureaus once a year.

Federal law also entitles consumers to free credit reports if adverse action has been taken against them, such as denial of credit, insurance, or employment, or if they receive reports from collection agencies or judgments. Reports must be requested within 60 days from the date of the adverse action.

Consumers whose main income is from Temporary Assistance for Needy Families (TANF) benefits, unemployed individuals planning to look for a job within 60 days, and victims of identity theft are also entitled to a free credit report from each of the reporting agencies.