Medical identity thieves have victimized nearly a quarter of small healthcare entities in the last year--and the trouble is just getting started.1 The economic impact of these crimes has surged from $30.9 billion in 2011 to $41.3 billion this year, making it the fastest growing form of identity theft in the world.2
There are two types of medical identity theft: when a patient's personal information is stolen and when the professional information of a healthcare provider is stolen.
In the first scheme, medical identity thieves use patients' personal information to obtain free healthcare services. This theft costs patients on average more than $20,000. More seriously, it can cause erroneous information to be included in a patient's chart, which could lead to wrong treatment and severe, if not deadly, consequences for the patient.
Identifying medical identity theft early can help reduce the expense and harm to patients. Tell your patients to closely scrutinize their medical bills. They also should verify whom they are speaking with when they are asked to provide medical information. Medical identity thieves often pose as insurance company representatives, doctor's offices, and pharmacies in order to steal patients' personal information.
Patients need to be vigilant in looking for other signs of medical identity theft such as receiving bills for services that were never provided, calls from medical debt collectors, or collection notices from healthcare providers that never provided services to the patients. A more advanced case might be detected when the patient gets a notice from their insurance company that they have reached their limit of benefits or they are denied coverage due to a pre-existing condition.
The Federal Trade Commission recommends patients notify their health plans and local law enforcement about any suspected medical identity theft. Additionally, the FTC suggests that they monitor their credit reports for fraudulent activity.
When healthcare providers are the victims of medical identity theft, the thief uses the provider's credentials to fraudulently bill Medicare and private insurance companies for services that never were provided. Some unique warning signs for healthcare providers include receiving phone calls from patients they never treated, notices of new corporate filings or unexplained address changes, or IRS notices about unpaid taxes. The suspension or termination of payments to a provider by Medicare or other payers is a sign of medical identity theft that requires immediate action.
Healthcare providers who have their medical information stolen incur significant costs to clear their names. But beyond financial considerations, providers also may face significant risk of a malpractice claim when erroneous information has been added to their patients' charts. Scrutinizing the explanation of benefits forms from third-party payers and questioning inconsistencies in their patients' records can help providers detect medical identity theft early and prevent malpractice claims.
The best protection against medical identity theft is prevention. Clinicians should safeguard professional identifiers and routinely verify their provider information with Medicare and other payers.
Michael L. Smith, JD, RRT, is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Fla. This article is for general information only and is not a substitute for formal legal advice.
1. Welz T. Ninety-One Percent of Small Healthcare Organizations Suffered Data Loss or Theft in Past 12 Months, MegaPath Sponsored Study Finds. MegaPath. http://www.megapath.com/about/press-releases/ninety-one-percent-of-small-healthcare-organizations-suffered-data-loss-or-theft-in-past-12-months-megapath-sponsored-study-finds/
2. Ponemon Institute. Third Annual Survey on Medical Identity Theft. http://www.ponemon.org/local/upload/content/generalcontent/18/third-annual-survey-medical-id-theft-final-.pdf