Medical Identity Theft
I’ve never been one to worry about the protection of my privacy. While I have family members who zealously protect their information, I long ago resolved to thinking that if a truly evil person wants my personal information, they will find a way to get it, with or without my blundering help. The recent hacking of the credit card reading machines at Target stores illustrates how far and how deep these cyber-thieves can reach. It also shows how quickly someone would be able to tap into my bank accounts and run with my money before I realize I have been robbed.
Theft of medical identity is also on the rise. You might wonder why on earth someone would want to steal your medical records when there is no cash attached to it, but it turns out there are plenty of ways the bad guys can profit from our information.
The first and most obvious concern is someone can use our identity to get medical services for themself. Surprising to me, a large percentage of times this is consensual theft – meaning the person using an identity fraudulently has the permission of the other person. Here’s a hypothetical situation to frame this idea – let’s say my sister has no insurance but is really sick and now needs to be seen in the emergency room. She looks a bit like me and knows all my information so I suggest she use my insurance card to get the help she needs. She goes to the ER, checks in with my ID and gets treatment. In this case, both my sister and I worked together for the identity theft. The victim in this case is the insurance company and the service provider, who has been deceived in providing service.
The Ponemon Institute (cyber data security group) and the Medical Identity Fraud Alliance, completed a study in 2013 that shows 47 percent of all medical identity theft situations involved both parties – in other words, it was consensual and they knew each other. That number was shocking to me, and they propose that with the Affordable Care Act making insurance available to more Americans, this percentage will decrease. This also leaves over 50% of this type of theft is done by a stranger. I can only hope this will decrease because the trend has been a large increase - this same survey cites over 1.84 million medical identity fraud cases in 2013 vs 250,000 in 2006.
Fraudulent use of medical insurance is one of the reasons we are asked to present a photo ID when we come for care at a new provider, or even sometimes repeat visits. It irritates me to no end to be asked for my photo ID by the receptionist at the MS clinic each month when I check in – come on, they know me! I’ve been coming there since 2008, but they also need the proof that it was really me who came and had that treatment.
All of this sounds simply like a case of financial theft by stealing services, but it can be much more dangerous. If that person using your identity is tested for a blood type or a disease which you don’t have, it will be entered into a medical record- yours! The next time you show up for care you could find out you have been diagnosed with some other disorder than the ones you already have – isn’t MS enough? Worse, you might need emergency treatment and unable to speak for yourself and the compromised medical records might contain serious if not life-threatening errors.
I am in favor of electronic health records (EHR) because they provide a transcript for all of my providers to follow. Regardless of who I see, and in what medical system they work, we are not far from the time when those are merged into one repository for easy access by all of my medical providers. I’ve been to the emergency room more than once, including for a heart attack, and from experience I know how much time it takes to record my medical history and how many mistakes I can make trying to tell them what medicine I am taking and my conditions. The EHR also keeps track of me – it tells where, when and why I have been seen for treatment. At the core of this EHR is also my demographic information – where I live, age, weight, my marital status, where I fill my prescriptions and much more. Ultimately, buried somewhere deep in that record is the portion that I am financially responsible to pay my bills if the insurance does not, and that information is almost always linked to my social security number as the guarantor.
It's easy to see this scenario of the medical record as the ideal opportunity for an identity thief – the perpetrator can reconstruct my records into a perfect profile and pass themselves off as me with just a little effort. There’s enough information in my EHR that they could get medical service for themself; fraudulently use my information to construct bills to insurers (usually Medicare/Medicaid); or even apply for personal loans. The depth and breadth of my personal information in the EHR is staggering, as is the thoughts of what could be done with that information in the wrong hands.
It’s one thing if someone were to tap into my bank accounts and run with my money before I realize I have been robbed. If our records through the credit cards or banks are pilfered, we pretty much will know immediately. Checks will start bouncing for insufficient funds or card charges for money wire transfers to third world countries will alert your credit card company that something is amiss. I know, because I have had card numbers stolen more than once. Yes, it’s a pain to sort out the money problems, but fortunately most institutions will work with you to re-credit your accounts.
But how would you know if your medical record has been stolen? It might take years before you accidentally become aware of an error that gets you investigating a bit deeper. One place to start is regularly check your explanation of benefits (EOB) from your insurance provider – carefully look at the claims and make sure all of them belong to you. If you find something questionable, don’t hesitate to call your insurance company. You are legally entitled access to your medical records – don’t assume you know what is in them. Take the time to review your records and make sure everything there is your record.
A story on CNBC quotes the leader of the Ponemon Institute that there is more money to be made through medical identity theft than by stealing credit and debit card numbers. The world has always been full of not-nice people who will take advantage at every opportunity and this latest twist isn’t going to make me lose more sleep worrying about the possibilities of medical theft identity. This will, however, make me more diligent about checking my records and to make sure they have not been compromised and I hope you will do the same.
Wishing you well,
How many specialists did you see before finding "The One"?