What Is Medical Identity Theft?
Medical identity theft is when someone uses your name or insurance information to receive health care or file fraudulent claims. Like other types of identity theft, medical identity theft can cause significant financial problems for victims. You could receive bills for expensive procedures you never had or start getting calls from debt collectors about payments you never incurred.
In 2023, the Federal Trade Commission received more than 13,000 reports of identity theft related to medical services, according to a recent report.
There are several actions you can take to avoid medical identity theft, such as creating strong passwords, properly disposing of medical documents, safeguarding your medical insurance card and being cautious about sharing your medical details with others.
Here’s what need to know about medical identity theft — and how to protect yourself from it:
How can medical identity theft occur?
Medical identity theft can occur due to database breaches, improper disposal of medical documents, phishing scams or theft by a health care professional.
If your personal information ends up in the wrong person’s hands, it could be used to buy prescriptions, or someone could try to get medical services using your insurance.
Breached databases can expose personal medical information
With so much sensitive information stored electronically, database breaches can be catastrophic. A breach occurs when an unauthorized person gains access to a database, either physically or virtually. Once they've breached a database, criminals may have access to sensitive details they can use to get medical services using a victim's name and medical information. Your information could later be exposed on the dark web where some medical records can be sold for large sums, according to Experian.
Improper disposal of sensitive medical records
Sensitive medical records contain information criminals can use to steal your medical identity. You, your health care providers and your insurance company all have copies. While medical providers and insurance companies are legally obligated to safely dispose of all medical records, you’re responsible for handling your own documents.
Phishing scams
If you receive an email or text asking for medical or personal information, such as your Social Security number, it could be a phishing attempt in which a scammer claims to be from a trusted organization, such as a bank, and tries to get you to voluntarily disclose certain details. The scammer may then be able to use your insurance for medical care or they could sell your information to third parties.
Never give out your data to an unknown entity. If you receive a suspicious email or text asking you to click on a link or open an attachment to update your medical or billing information, it's probably a scam.
Insider theft by health care professionals
Medical identity theft sometimes occurs when a health care professional steals sensitive medical information. While this type of crime is rare, stolen documents could be used to file fake insurance claims or the information could be sold to criminals.
A key goal of the Health Insurance Portability and Accountability Act (HIPAA) is to provide medical identity theft protection. The law requires that health care providers, plans and clearinghouses safeguard patient medical information.
How to prevent medical identity theft
There are a number of steps you can take to protect yourself from identity theft and most of them are pretty simple. These are the most effective ways to protect yourself:
1. Safeguard your medical insurance cards
Your medical insurance cards have a lot of sensitive information that criminals can use to steal your identity. Be sure to keep your insurance cards in a safe place. Other items you should guard include:
- Medical insurance enrollment forms
- Prescriptions and prescription bottle labels
- Medical bills
- Health insurance explanation of benefits (EOB) statements
2. Review medical statements for inaccuracies
Make it a habit to always review medical statements for inaccuracies. They may contain the first signs of identity theft, and by catching identity theft early, you can prevent further damage.
If you see an inaccuracy in your medical statement, contact all health care providers and health insurance companies involved to get more information. You have the right to examine and obtain copies of your medical records. This will help you determine if the inaccurate information indicates medical identity theft.
3. Be careful who you share medical details with
You probably don't go around sharing financial details with acquaintances, but you might not think twice before talking about your medical issues with a friend. To keep yourself safe from medical identity theft, be careful about discussing medical details, such as information about your health care plan.
4. Use strong passwords for online patient portals
Online patient portals contain your sensitive medical information, so it's critical to safeguard access to them. You can do this by choosing strong passwords that contain a combination of letters, numbers and non-alphanumeric symbols.
Avoid using guessable passwords, such as those containing your birthdate or a pet's name. Identity theft experts strongly recommend the use of a password manager, which will help you generate and store unique logins for all your accounts. If you write passwords down, ensure you keep them in a safe, hidden spot.
5. Securely dispose of medical documents
Medical documents, such as bills or health insurance EOB statements, also contain a lot of sensitive information. When disposing of any health documents, do so securely using a paper shredder.
For health care providers, HIPAA sets requirements for secure disposal of sensitive patient information and requires training for employees who handle patient data.
How to report medical identity theft
Victims of medical identity theft should complete the following steps:
- File a report with the FTC by phone at 1-877-438-4338 or online via identitytheft.gov.
- Submit a report with your local police department (and get copies of it).
- Contact your health care provider and the healthcare fraud department of your insurance company and share a copy of the police report.
You should also consider putting a freeze or fraud alert on your credit records. You can do this by calling each of the three major credit bureaus: Equifax, Experian and TransUnion. You can also request a freeze online directly through the credit bureaus’ websites.
You’ve probably heard of identity theft, but it's usually in relation to fraud — someone stealing your personal data in order to gain access to your money. Medical identity theft is a lesser-known but equally dangerous threat that can jeopardize your finances and health.
Read on for a description of medical identity theft. Learn about the many ways it can occur, then get tips for how to protect yourself (and your loved ones) from medical identity theft.