Skip to content

Medical ID Theft

August 1, 2014

The problem

Medical identity is now the fastest-growing type of identity theft in the world and Texas has become the fourth highest identity theft complaint state (Brain, 2014). American Medical News found that “an estimated 2 million people become victims of identity theft each year and more than 5,300 physicians have listed themselves in a federal database that tracks medical identity theft” (Dolan, 2012). As if the loss of a physician’s name isn’t enough, they are then faced with the risk of losing credibility, their jobs, thousands of dollars and law suits. There are two kinds of medical ID theft; one is if the physician has his or her credentials stolen, the other is if the patient’s identity or insurance information is being stolen. Both are serious threats to the physician and their practice.

“The biggest key to detection, is education,” said Shantanu Agrawal, MD for the Center for Program Integrity at the Centers for Medicare & Medicaid Services. If physicians know how to realize they have had their identity stolen and how to begin reclaiming their identity, they will be able to avoid and solve this crisis.

The Office of Inspector General, U.S. Department of Health and Human Services, identifies medical identity theft as when someone steals information such as your name, social security number or Medicare number in order to obtain medical care, prescriptions or to submit fake billing in your name (General).



The Coalition Against Insurance Fraud explains that thieves steal your personal information to fill their pockets by making false claims against your health policy. With your identity, thieves can now obtain your health-insurance number, social security number, date of birth, home address and more.


Signs you are the target of Medical ID Theft

If someone offers you “free” health services or products, but requires you to provide your health plan ID number.

Receiving phone calls from patients you never treated.

Medicare remittance notices for services never performed.

Credit reports, mailings or phone calls referencing corporation fillings or businesses under a different name from the practice but with your name associated.

It is just as important to ensure your patients are not a victim of identity theft. Ensure all billings are capable of being processed accordingly and avoid law suits by keeping a look out and providing these warnings for your patients:

If he or she receives a bill for medical services not received, a call from a debt collector about a medical debt he or she do not owe, unknown medical collection notices on his or her credit report, a notice from his or her health plan saying the benefit limit was reached and denial of insurance because medical records show a condition he or she does not have.

Bill Fox, senior director of the health care division at LexisNexis Risk Solutions, says, Physicians need to be aware that an employee is often the source of the information leak. They have access to the practices databases and the ability to hide any of the warning signs (Dolan, 2012).



The Coalition Against Insurance Fraud outlined these potential damages:

Ruined credit. Thieves often ring up large hospital bills in your name, then disappear without paying. This can ruin your credit. Straightening out inaccurate credit records can take months or even years of time-consuming headaches. Meanwhile, you could be hounded by bill collectors, turned down for loans or mortgages, and forced to pay higher lending costs. You also could lose jobs; some employers check a candidate’s credit history.

Loss of health coverage. Fraudulent insurance claims can max out your health-policy limits and leave you with no coverage when you have a medical emergency, or need an expensive operation or other treatment.

Inaccurate records. A thief’s treatment history can end up on your medical records. This could include the wrong blood type, mental illnesses or medicine to which you’re allergic, putting your life on the life.

Legal troubles. A pregnant woman stole the medical identity of a mother, and delivered a baby who tested positive for illegal drugs. Social workers tried to take away the real mother’s four children, falsely thinking she was the addict. She had to hire a lawyer to keep her family. Physicians could also find themselves in a difficult legal situation if they have inaccurately treated or diagnosed a patient.

Higher health premiums. False claims against a health insurance policy can raise your health premiums — costing you even more money.



Perform routine checks of Medicare’s Provider Enrollment, Chain and Ownership System list to ensure both the practice and physician do not have any mysterious associations.

The American Medical News, suggests medical receptionists to take these steps in order to prevent the use of stolen identities:

  • Request two pieces of identification from patients. Thefts will most likely not have a matching photo ID or it could be an obviously fake second form of identification with inconsistent descriptions.
  • Ask for a referral source. Finding how new patients heard of the practice can prove to be beneficial. Generally patients were referred by another doctor or friend. Those referrals, especially ones from other doctors, can be used to establish the person’s identity, if needed.
  • Look for inconsistencies in the record. Having access to patient records from another facility can help physicians identify discrepancies such as dramatic changes in weight or height.

The Federal Trade Commission offers a few tips to keep you from becoming a victim of medical identity theft.

  • If you decide to share your information online, look for a lock icon on the browser’s status bar or a URL that begins “https:” the “s” is for secure.
  • Don’t share medical or insurance information by phone or email unless you initiated the contact and know who you’re dealing with.
  • Keep paper and electronic copies of your medical and health insurance records in a safe place. Shred outdated health insurance forms, prescription and physician statements, and the labels from prescription bottles before you throw them out.
  • Before you provide sensitive personal information to a website that asks for your Social Security number, insurance account numbers, or details about your health, find out why it’s needed, how it will be kept safe, whether it will be shared, and with whom. Read the Privacy Policy on the website.



The Ponemon Institute surveyed 757 patient victims of medical ID theft to find out how they handled the loss of their identity, time taken to resolve the issue and costs.

  • Average time to resolve: 12.1 months
  • Personal cost of resolving theft: $22,346 per victim
  • Those who lost trust in their health care organization as a result: 51%
  • Percentage who had medical records accessed: 20%
  • Percentage with private insurance: 44%
  • Percentage with Medicare: 21%
  • Percentage not insured: 20%

Non-financial Consequences of MedIDTheft

At Statistic Brain, a recent study was performed to measure the most current identity theft claims (Brain, 2014).

Statistic Brain



“Don’t just assume it’s a mistake,” Jeremy Miller, a director at Kroll Advisory Solutions, said. “The earlier you capture those kinds of things, the easier it is to get it untangled” (Dolan, 2012).

What you should do if you suspect identity theft:

  • Contact the insurer
  • File a police report
  • Inform the government by filing a medical identify theft complaint with the Federal Trade Commission (FTC) or call the FTC’s toll-free hotline at 1-877-IDTHEFT (438-4338).
  • Correct improper medical information as soon as it is noticed.
  • The Federal Trade Commission recommends victims to request for each of their health plan and medical providers to send a copy of “accounting of disclosures.” By law, you are allowed to order one copy from each provider every 12 months. With this you can see who all received a copy of your records from the provider, what information was sent, when it was sent, who received the information and why is was sent. You can now compare records and billings to begin contacting those who should not have access to your records.
  • The Federal Trade Commission outlined the steps to follow when correcting errors in medical records.
  1. Contact each health care provider and ask for copies of your medical records.
    1. Check your state’s health privacy laws. Some state laws make it easier to get copies of your medical records.
    2. Complete the request form and pay any fees required to get copies of your records. If your provider refuses to give you copies of your records because it thinks that would violate the identity thief’s privacy rights, you can appeal. Contact the person the provider lists in its Notice of Privacy Practices, the patient representative, or the ombudsman. Explain the situation and ask for your file. If the provider refuses to provide your records within 30 days of your written request, you may complain to the S. Department of Health and Human Services Office for Civil Rights.
  2. Review your medical records and report any errors to your health care provider.
    1. Write to your health care provider to report mistakes in your medical records.
    2. Include a copy of the medical record showing the mistake.
    3. Explain why this is a mistake and how to correct it.
    4. Include a copy of your police report or Identity Theft Report.
    5. Send the letter by certified mail and ask for a return receipt. Your health care provider should respond to your letter within 30 days. It must fix the mistake and notify other health care providers who may have the same mistake in their records.
  3. Notify your health insurer and all 3 credit reporting companies.
    1. Send copies of your police report or Identity Theft Report to your health insurer’s fraud department and the 3 nationwide credit reporting companies.
  4. Order copies of your credit reports if you haven’t already.
  5. Consider placing a fraud alert or security freeze on your credit files.
  6. Update your files.
    1. Record the dates you made calls or sent letters.
    2. Keep copies of letters in your files.


Sometimes, the first moment of detection is when tax returns are EFiled and then denied by IRS due to someone else having filed under your I.D. number for the year.

The first step to getting your taxes filed is to submit a “paper file” with Form 14039 along with your 1040 and a copy of driver’s license to the IRS.

The IRS will usually assign a pin number to victims file to use as a confirmation of identity in the future.

The next step is to check your credit records and ensure that no loans or credit cards have been initiated by someone other than yourself. If further fraud is found, it is usually best to report it to the Credit Bureau. We suggest you also use a credit monitoring service.

For further advice and support in regaining your identity, contact one of our professionals.



Brain, S. (2014, June 8). Identity Theft / Fraud Statistics. Retrieved from Statistic Brain:

Coalition Against Insurance Fraud. (n.d.). Medical Identity Theft. Retrieved from Coalition Against Insurance Fraud:

Dolan, P. L. (2012, August 6). Medical ID theft: Double danger for doctors. Retrieved from American Medical News :

Federal Trade Commission . (2012, August). Medical Identity Theft. Retrieved from Federal Trade Commission:

General, I. (n.d.). Retrieved from U.S. Department of Health and Human Services:

Ponomon, I. (2012, June). Third Annual Survey on Medical Identity Theft . Retrieved from Ponomon Institute :







From → Healthcare

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

<span>%d</span> bloggers like this: