February 14, 2011
Is There A Cure For Medical Identity Theft?
By Michael D. Shaw
It is hardly news these days to report that identity theft is the fastest growing crime. While no one can pinpoint its origin, it surely proliferated with the explosion of bank credit cards in the early 1990s, and then skyrocketed with the emergence of the Internet, later in that decade. What may come as a surprise, though, is that medical identity theft is a significant part of that enterprise.
In this form of identity theft, the offender will steal your personal information to line his pockets with bogus claims against your own health insurance policy, or he can fraudulently obtain medical treatment and drugs in your name.
Of course, there are financial implications, such as being liable for the non-covered part of someone else’s treatment, and even being denied coverage since your allowed benefits could have been exhausted by the offender. Moreover, medical conditions that you don’t have could now be added to your record.
As such, it is possible that you could receive improper treatment, or lose your insurance completely because of a supposedly undisclosed prior condition.
Back in January, 2007, Business Week reported on the case of retired school teacher Lind Weaver, who was being hounded by hospital bill collectors regarding a past-due balance on a foot amputation procedure. The billing matter was finally resolved when Weaver put both of her feet on the desk of the hospital’s administrator. However, some time later, when she presented for a hysterectomy, she was horrified to discover that the amputee’s medical records—indicating diabetes—were mixed in with hers.
“I now live in fear that if something ever happened to me, I could get the wrong kind of medical treatment,” she says.
The perps can also be health care providers. In 2006, authorities in California broke up a ring that operated out of a health clinic. The group went after seniors, offering them a free checkup, and a case of Ensure. The offenders also obtained personal information, and in a mere three months, were thus able to bill $900,000 for diagnostic tests they had never performed.
Lest you think that only obscure providers mishandle personal information, back in September, 2006, the Feds arrested a scheduling clerk at the Cleveland Clinic’s Weston, FL hospital who allegedly had passed on the personal information of more than 1,100 patients to her cousin, who submitted $2.8 million in false claims to Medicare.
To gain a better understanding of this problem, I recently spoke with Denis G. Kelly, author of The Official Identity Theft Prevention Handbook. I first asked how widespread medical identity theft really is. I have seen reports that as many as 500,000 Americans have been victims of medical identify theft.
“This is extremely difficult—if not impossible—to answer,” said Kelly. “Bear in mind that there is no scoreboard of medical identity theft, the criminals tend to keep a low profile, and victimized institutions don’t like the attention. It is evident the problem is enormous and rapidly growing.”
Kelly pointed out two key characteristics of medical data that make it more prone to identity theft.
1) Compared to other industries, many common identity validation policies are not in place. For example, when you apply for medical insurance, you are not required to show two forms of identity as is required when applying for a job (the Form I-9). Quite often, it is difficult to validate identity at the point of service. What if the patient is incapacitated?
2) Currently, there is no central database of medical records. While credit bureaus have many issues, they aggregate data, and this allows for other identity theft protections such as fraud alerts. Generally, a fraud alert prevents a new account from being established in your name without validating that “you are who you say you are.”
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Privacy Rule establishes national standards to protect medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
The HIPAA Security Rule establishes national standards to protect electronic personal health information that is created, received, used, or maintained by a covered entity.
But, Kelly notes that “HIPAA doesn’t stop criminals any more than speed limit signs prevent speeding, and HIPAA is less of a deterrent than speed limit signs.” He adds that “It is important for consumers to review the Explanation of Benefits (EOB) statement your health plan sends after each treatment, to assure the accuracy of the name of the provider, and date of service.”
What more can you do to protect yourself from medical identity theft? As the Federal Trade Commission states, there is no foolproof method to avoid it completely, but you can certainly lower your risk.
- Verify a source before sharing information. Don’t give out personal or medical information unless you’ve initiated the contact and you’re sure you know whom you’re dealing with. Be wary of offers of free services or products from anyone who asks for your health plan ID number.
- Safeguard your medical and health insurance information, and don’t be shy to ask your providers how they will secure it.
- Treat your trash carefully. Dumpster diving is still one of the main methods used by medical identity fraudsters. This would include destroying the labels on your prescription bottles and packages before you discard them.
I know this all seems like a pain, but any victim will tell you that preventive measures are definitely worth the trouble.