Medical Identity Theft is on the rise.
Security experts say that cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry.
According to a survey by the Ponemon Institute Think Tank, the percentage of reported criminal cyber attacks on healthcare organizations has risen to 40 percent in 2013 from 20 percent in 2009.
What Are They Doing with the Stolen Data?
Typically, medical fraud scams involve provider billing and over billing.
You probably heard about medical billing scams. That’s because government and health insurance providers have a checks and balances system of sort in place to prevent fraudulent billing, and they https://etechlib.wordpress.com/2012/08/28/my-medical-record-says-what-part-two-what-now/catch it quickly. Then they report it. Then the media gets a whiff of it. They we hear all about it.
Other sorts of Medical Identity Theft are not identified so quickly by a patient or their provider, giving criminals years to milk credentials.
Medical data is more valuable to fraudster than credit cards, which tend to be quickly canceled by banks once the fraud is detected.
Take Ronnie Bogle, a museum supervisor from San Jose, California. He had his medical identity stolen for more than a decade, across several states.
His brother Gary was stealing his identity to get healthcare.
Gary had a simple routine. He’d move to a new place, get a photo ID, then present the ID along with Ronnie’s Social Security number at hospitals and clinics to get treatment. He often claimed to be uninsured when he sought care. After treatment, the bills got sent to his house, not Ronnie’s.
Ronnie discovered what Gary was up to when he applied for a new credit card. He was turned down. His credit report had a lot of unpaid debts- from his brother’s hospital visits and treatments over the years.
“He destroyed my credit history multiple times,” Ronnie said.
It took Ronnie Bogle two years to straighten out his credit card and get his brother’s bills off his financial record. Eventually, Gary was arrested and pleaded guilty to 10 counts of criminal impersonation in California. He’s facing more charges in Washington state for allegedly stealing his brother’s identity there, too.
Here’s some other ideas on what Medical ID thieves can do with your data:
- They can bill your health plan for fake or inflated treatment claims. This kind of fraud is called Insider Fraud, because the crooks are usually employees inside the healthcare system who know how the billing system works.
- They can get medical treatment for free, courtesy of your policy. They take on your identity, go to the Doctor, Hospital, or Clinic, and the bills get sent to your health insurance provider.
- They can obtain drugs. Medical personnel with access to your data can use your identity to get prescription drugs to sell or use themselves. For example, pharmacists can bill your policy for narcotics. Nurses can call in a prescription in your name, then pick it up themselves.
- They can sell your patient information on the black market.
They can set up fake clinics using the data stolen from many patients, then bill insurance companies for fake treatments. They can buy medical equipment for the fake clinic, then sell it on the black market.
- They can mess up your credit and your finances.
- The most dangerous aspect of medical identity fraud is when the thief’s record, history and diagnosis get mixed up with your records, delaying, tainting, and complicating your own care, even causing you to receive erroneous treatment if you need a hospital or clinic, based on the information in your file that’s about them, not you.
Imagine if a Medical Data thief uses your stolen insurance card to get diagnsis or treatment for diabetes. Your Doctor is going to want to see your toes the next time you come in.
Or, in a more extreme version, if a pregnant woman uses stolen data to get maternity care at the hospital near your home, you may be charged with neglecting “your” baby.
This is what happened to Anndorie Cromar.
The woman used Cromar’s data to sign into the maternity ward in a hospital near Cromar’s home. The baby was born with drugs in her system and Child Services were alerted. The State went after Cromar and threatened to take away the rest of her kids. She had to take a DNA test to get her name off of the infant’s birth certificate. The rest of her records took years to correct.
47 percent of victims of Medical Identity Theft that participated in a study by the Ponemon Institute said that their identity theft was perpetrated by a relative or someone else they knew. Twenty-four percent said they had a situation like Bogle’s, where a relative stole their identity without their knowledge or consent. Surprisingly, an additional 23 percent of respondents said they willingly shared their credentials with someone they knew.
It’s “Friendly Fraud.”
Of those who said they shared healthcare credentials that way, 91 percent reported that
it was because the other person had no health insurance.
86 percent said it was because the other person couldn’t afford medical treatment.
Sixty-five percent said it was done in an emergency.
Unlike financial identity theft, there’s no straightforward process for challenging false medical claims or correcting inaccurate medical records.
If a thug steals your wallet and runs up your credit cards with expenditures, there are systems in place to keep it simple.
You need to request that the three major credit bureaus provide you a free credit report, place a fraud alert on your accounts, and work with your creditors to get inaccurate charges removed.
Identity theft is often discovered early on the financial side because credit card issuers have sophisticated systems for detecting fraud. Also, nearly all financial institutions use one or more of the three credit reporting agencies. There’s a centralized data base so it’s easier to track for fraud.
With medical identity theft, it’s not that simple. Your medical records are likely to be interspersed among a number of different providers, and there’s no merged or even single “medical records clearinghouse” that keeps them. You probably don’t have a complete copy of all your medical records. You can get a copy, but you may have to pay for it. When there’s an error on your record, you can add a correction, but you can’t delete any of it.
Ironically, if you suspect that you are a victim of Medical Identity Theft, you may not be granted access to your own records. Once they are intermingled with another patient’s records, that person’s privacy must be protected under HIPAA.
Ponemon Institute found that it took an average of more than three months for victims to even detect the fraud and more than 200 hours to undo the mess.
65 percent of the medical identity theft victims surveyed by Ponemon said they spent an average of $13,500 to pay the healthcare bills run up in their name, to recover their health insurance, and to pay lawyer’s fees, among other things.
Prevention Is Easier:
- Read the Explanation of Benefits, or EOB, statement that your insurance provider sends you after you’ve received covered treatment. Confirm that the information about the date of service, type of service provided, and the provider are all correct.
- Request a complete list of payments made from your health insurance company on an annual basis. Review it.
- Be Aware when you are at the doctor’s office or pharmacy.
Just like when you are using a credit card, pay attention to who’s nearby when you’re giving the staff your insurance card.
- Don’t leave your medical insurance card sitting around for others to see.
- Shred documents associated with your health insurance, especially those containing your account number and personal information.
- Periodically, check for discrepancies with the Medical Information Bureau (MIB). The MIB is like a “credit bureau” for health-related personal information. It has a comprehensive list of insurance companies that belong to it. Any time an individual applies for life or health insurance, this information is probably reported to the MIB.
- Get a current copy of your medical records. Most Doctor’s offices will be able to easily provide records for the last couple of years. For a full file, you may need to pay. Keep them in case they are tampered with in the future.
- Exercise your right for a free annual copy of your credit report. Most Medical Identity Theft is noticed when the claim makes the transition to the billing department. If you have an unpaid medical bill on your credit report that you don’t recognize, you’ve probably a victim of Medical Identity Theft.
Don’t post news of an upcoming surgery on Facebook or other social media outlets.
- A good rule of thumb for social media in general is, if you’re not comfortable having the information plastered on a billboard, don’t put in out there on the World Wide Web.
The more interaction you have with the healthcare system, the more vigilant you ought to be. Some people are more susceptible to Medical Identity Theft than others. People on Medicare, whose Social Security number is on their medical card, are a gateway to all kinds of fraud. Older people are more susceptible to scams because they tend to give away personal health information indiscriminately. Children’s health records are very attractive to Medical Identity Fraudsters, because a child is not likely to be checking their credit report for a while, so unpaid medical debts can go unnoticed for longer. New mothers, surgery patients, and people with chronic conditions like diabetes – or serious illnesses, like cancer, are also vulnerable, because they interact with the system a lot. The more interaction you have with the healthcare system, the more opportunity there is for records to be breached. Last but not least, millenials and anyone who casually posts a lot of personal information online. Medical Identity Fraudsters are very good at collecting information from social media or other apps and putting it together with other data they have on you, like an address or date of birth.
What to Do If You Are a Victim of Medical Identity Theft:
- File a police report. Send a copy of the report to your insurer, medical providers and all credit bureaus.
- Call your insurance company. You will be put in contact with the fraud department. They’ll disable your health insurance account, give you a new account and card, and assist you with the process of dealing with any billing, collections or records issues.
- Request access to your medical records. If you even suspect you’re a victim of Medical Identity Theft, get a copy of your records from your doctor, hospital, pharmacy or laboratory. Correct errors immediately.
- Contact the three major credit bureaus, your bank or financial institutions, and your credit card issuers. Inform them that your medical identity has been stolen. Place a fraud alert and freeze your credit so the scam doesn’t complicate your credit score any further.
- File a medical identify theft complaint. File a complaint with the Federal Trade Commission (FTC) or call the FTC’s toll free hotline at (877) IDTHEFT.
- If you are refused access to your medical records, appeal. To appeal, follow the steps outlined in your medical provider’s notice of privacy practices. If you still aren’t satisfied, file a health-privacy complaint with the U.S. Department of Health and Human Services or call 1-800-368-1019.
The effects of Medical Identity Theft are far-reaching, costing the victims time, money and aggravation. Awareness is growing by the day. In terms of prevention and support, there is more work to be done to safeguard healthcare consumers from Medical Identity Theft. Experts are working on new ways to prevent it. They are using software that prevents fraud in billing and training staff and consumers to notice warning signs and ask for photo IDs.
There will be more extensive verification screening in the future, like the use of fingerprints.
Hopefully, in the future, we will see a decline in the occurence of Medical Identity Theft with minimal inconvenience to Doctors, patients, and insurance companies.
We are MedWaste Management – California’s medical waste disposal experts!
Established in 2008, MedWaste Management brings great benefit to the healthcare industry and the general public alike. We publish this blog to to spread useful and practical information to help people stay safe, smart and healthy!
Call us with any questions or to start service at (866) 254-5105. We are always happy to speak!
Check out our services and other great resources in the links below.