Tag Archives: medical identity theft

Why Credit Monitoring Isn’t Enough

Having credit monitoring instead of identity monitoring is like putting a security system in the elevator but not in the whole office building. The scope of security is limited and leaves the workforce vulnerable. Thus, understanding how monitoring programs differ, how they work and why it matters is critical for safeguarding your identity.

Why should you care?

Victims of identity theft deal with increased stress, hours of work rebuilding their reputation and recovering from major financial losses; all of which have major consequences in other areas of life – like decreased productivity and performance on the job.

Given the statistics, if you haven’t dealt with the crime in some capacity, it’s only a matter of time.

The good news is that arming yourself with credit monitoring and identity monitoring gives you a better chance of stopping identity theft before it gets out of hand, thereby diminishing the negative effects that follow.

What is credit monitoring? How does it work?

There’s a broad range of credit monitoring services available in today’s market, and each program varies. Credit monitoring is a reactive approach to identity theft that involves checking credit reports for fraudulent activity. Because a credit report shows past activity, it will only reveal fraud or theft that has already affected the victim. That’s why it’s like only having security in the elevator: Once you realize the culprit is there, he has already infiltrated the building.

Credit monitoring programs will pull a member’s report, often quarterly or annually, from any number of the three major credit bureaus and make it visible to the member. On top of that, programs watch credit reports, transactions and activity for changes that could be criminal.

Another aspect of credit monitoring is resolution and recovery assistance, but, again, the levels of assistance vary from product to product. For instance, credit monitoring services will alert a member if they find fraudulent activity on the credit report(s), but some services don’t inform the credit bureaus on behalf of the member.

What is identity monitoring? How does it work?

Identity monitoring takes a more active approach. It not only focuses on credit reports but broadens the security sweep to account for name, birth date, address, email, driver’s license, Social Security number and more. Think of it as a security system for the whole office building, with security officers at every door and window.

Top-notch identity monitoring programs will check national databases for suspicious activity, watch out for questionable transactions and ultimately try to keep the member informed with real-time alerts about a data breach or fraudulent act. Touch points could even include scanning criminal record databases, sex offender registries and public records.

Identity monitoring can also give people peace of mind about their biggest worries: More than 70% of consumers are concerned about their Social Security number, credit card, insurance and driver’s license number, while less than 60% are concerned about their credit score and transaction history. People want more protection than what’s offered by credit monitoring alone, and identity monitoring is the answer.

What is the difference?

One major difference between identity monitoring and credit monitoring is accuracy. The all-inclusive nature of identity monitoring allows for a more accurate assessment of susceptibility to identity theft. For example, credit monitoring may not detect problems like tax fraud or medical identity theft because credit reports don’t necessarily show those types of information. Because identity monitoring is more robust, it can discover anomalies and provide protection for more than the financial aspects covered by credit monitoring.

Simply put, identity monitoring provides more coverage than credit monitoring.

For more information, visit clcidprotect.com.

My Employee Is a Victim! Now What?

The difference between a victim of identity theft who does have coverage and a victim who doesn’t is monumental, and the costs (time, money, health) affect not only the victim but also his productivity in the workplace. It is vital that an employer understands the necessity of an identity theft protection plan, and which types of services and features should be included, so employees have access to the resources they need for timely and sufficient assistance.

How does identity theft affect the victim?

Identity theft affects more and more people every minute; in fact, every two seconds someone becomes a victim. The financial consequences of this growing threat can’t be ignored:

  • Over the last couple years, roughly $45 billion has been lost because of identity theft.
  • Fraud ends up costing companies three times as much as what was initially stolen.

Thieves not only steal people’s information and money but their time, as well. Close to a third of identity theft victims spend a month or more trying to resolve the issues, and a lengthy recovery process takes a toll on victims’ health:

What does identity theft have to do with productivity?

Identity theft can distract victims and affect their levels of productivity at work.

If identity theft causes such severe stress, and the recovery process takes months to complete, imagine how many workers are distracted or absent because they’re dealing with fraud, and imagine what that’s doing to their company’s bottom line.

How can identity theft protection products help?

Catching identity theft before it gets out of hand, and getting quality support, can help cut costs. Say a thief steals someone’s personal information and tries to reset her bank password. If the victim has a protection plan that includes high-risk transaction monitoring, that feature would catch the transaction as it is occurring and could prevent it from going through. If the victim doesn’t have that kind of alert system, she may not even find out about the issue until the thief has already drained the account.

There are different kinds of monitoring available, and each type covers a different group of data points. The most common are credit monitoring (for credit-related activity) and identity monitoring (for personal information). Other features could include watching high-risk transactions, assistance with tax fraud and medical identity theft cases and data sweeps.

Assistance during the recovery process can also lessen distress and distraction. If victims have access to a Certified Identity Theft Risk Management Specialist (or someone with comparable experience) who can give them an immediate action plan and actually take on some of the recovery tasks, victims can recover more quickly, which means decreased absenteeism and financial losses.

Over the past year, 70% of companies suffered from fraud. The threat is real, and the consequences are deep, but they can be subdued if employees have a coverage plan with support for victims and protection against future attacks.

Identity Theft Services Explained

As thieves discover more and more ways to steal personal information, it is critical that people use identity theft protection services that involve a wide security sweep of all personal identifiable information and high-risk activity. The marketplace for identity theft protection now includes all kinds of monitoring services and features. Make the best choice by understanding each feature available, how they differ from each other and their capacity for sustaining protection.

Credit Monitoring

Credit monitoring is the process of reviewing a consumer’s credit activity with the credit bureau. It monitors the activity and changes to a credit report, including inquiries made by a creditor to request a copy of a report. Monitoring provides an alert system for potential fraudulent activity or accounts being established. Credit monitoring provides an alert system to activity affecting your credit report and credit score. Monitoring enables you to stay on top of fraudulent activity so that you can address the inaccuracies immediately. It also reduces the financial impact that identity theft can cause, by reporting the fraud earlier and reducing potential out-of-pocket losses.

Identity Monitoring

Identity monitoring looks at more than just credit information; it encompasses all personal identifiable information: name, birth date, address, email, phone number, Social Security number, etc. This could include monitoring the Internet, national databases, credit files, public records and more. If thieves have your personal identifiable information, it’s the perfect cover for their crimes because everything will point to you, not them. Even kids can become victims of identity theft: Each year, more than 140,000 identity theft cases involve children.

Social Security Number Monitoring

It’s exactly how it sounds – protection for one of the most important pieces of information that a person has. This type involves monitoring hundreds of millions of records for unauthorized use of a Social Security number (SSN). 70% of people are worried about the safety of their SSN. Monitoring an SSN is particularly important for children because thieves have plenty of time to use the child’s information for their own gain before the child finds out by applying for an account or a line of credit and is denied because of the thieves’ damage.

Data Sweeps

Unlike previous monitoring services that focus on particular data or activities, data sweeps encompass a plethora of touch points and personal information. Data sweeps monitor the Internet for instances of criminals using stolen phone numbers, addresses, birth dates and more. How many data points are included and how often the data sweeps occur vary from plan to plan. Data sweeps cover the information that consumers are worried about, like mailing addresses (50%) and phone numbers (60%). It can also help a person feel more secure about online presence because data sweeps can lead to removing exposed personal information on the web.

Credit Card Monitoring

The lending institutions that issue credit and debit cards will usually monitor transactions and notify cardholders of suspicious activity. Credit card monitoring, as offered through an identity monitoring service, will monitor the Internet for fraudulent activity involving credit card and debit account numbers, PIN numbers and other personal information in Internet hacker chat rooms and the dark web. Credit card monitoring looks at activity outside of the credit report and outside of activity monitored by the cardholder’s bank or issuing institution. As a result, it can detect fraud that may or may not make it to a credit report or be captured by the bank.

Recovery Assistance

Most services will not only keep you informed but help you resolve any suspicious activity. Features could include assistance from a credentialed professional. Some assistance features may only provide victims with next steps or resources, while others may actually take on some of the activities a victim must complete to rebuild his or her reputation. 47% of victims who spent 6-plus months fixing the issue(s) felt severe emotional distress vs. the 4% of victims who felt that way after resolving issues within 24 hours. Victims can limit the health and financial costs of recovery by using a protection plan that includes assistance from professionals who know how to get quick results.

Lost Purse or Wallet Assistance

Whether you misplace your wallet or it actually gets stolen, most identity theft protection services will help you contact the correct institutions and minimize the damage if a thief tries to use your stolen information. Despite the growing threat of malware and hacking, physical theft is still a problem, and 43% of physical theft happens at work.

Service Guarantee

Most companies have a service agreement that provides some sort of refund for customers if there’s a defect in the company’s service. New technological advances are made every day for security and thievery, so you need to make sure that a company will help you if its protection services can’t keep up with thieves’ new tricks.

Some identity theft protection services go above and beyond with the layers of security and assistance they offer, in addition to the commonly included products listed above. Some of those extra special features are:

Additional Databases

While most services monitor your personal identifiable information online or on credit reports, not all of them will monitor databases like criminal records and sex offender registries. Some companies charge extra for monitoring these additional databases. Thieves don’t just use your personal information to empty your bank account. Thieves will steal reputable citizens’ identities and use them as aliases when committing crimes.

Medical Fraud Assistance

Monitoring for medical fraud involves protecting insurance records from criminal use and assisting victims when a thief tampers with a victim’s medical history or racks up medical debt. The crime rate for medical identity theft increases by 32% each year, and more than $12.3 billion in out-of-pocket expenses were spent in the past year because of medical identity theft.

Tax Fraud Assistance

Products include giving victims an action plan and providing forms and contact information for working with the IRS. Services that actually do recovery work for victims must have certified tax specialists who are approved for working with the IRS on behalf of the victims. In 2014, the FTC’s 1.5 million fraud-related complaints revealed that consumers have paid a total of $1.7 billion because of fraud, and a third of those complaints were tax-related. Tax fraud could include IRS phishing schemes, phone scams and stealing taxpayers’ information to file phony tax returns and get their refunds.

Family Coverage

Protection plans may allow members to add family members to their plan; however, adding family members often comes with additional charges. When family members share accounts (e.g. bank, music, email), passwords, etc., everyone feels the consequences if one of them becomes a victim.

Other

Other pieces of your personal information that may or may not be included in the common types of monitoring: loan/lease information, driver’s license, computer security, bank account information, passports, etc. Thieves’ use of hacking, malware and social media have skyrocketed over the past few years. As fraudsters improve their tactics, they gain access to more and more information.

Each type of monitoring covers important information that could lead to serious damage if taken into the hands of a fraudster, and no one type covers everything. Likewise, each feature has importance, but they’re most effective when working together because they create sustainable, comprehensive coverage.

People need to make sure that their identity theft protection plan includes all the necessary data points with multiple types of monitoring, assistance and recovery features, so their information stays secure.

‘Data on the Move’ Means Data at Risk

Everywhere we look today, data is on the move. The downside:  When personal information and data are being moved electronically, they’re more vulnerable to identity theft.

At the Identity Theft Resource Center,  a crucial part of our analysis when we track data breaches is to look for emerging trends.  Unfortunately, one trend has become evident: The number of breaches linked to “data on the move” in the healthcare industry is up significantly.  In fact, these types of data breaches – say, when a laptop or flash drive is stolen or back-up tapes are lost in the mail – have risen above other industries quite dramatically.

But there’s hope. Companies and organizations can take steps to reduce these data breaches. They can provide more robust employee training and stricter controls over what devices are allowed to leave the premises. Organizations can also review what data is stored on devices and how the devices are protected. Adding encryption to laptops that contain sensitive data – and that must leave the premises – will also improve the situation without busting the bottom line.

Breach incidents because of data on the move have been trending downward as a percentage of all breach incidents, from 20% in 2008 to 12% in 2012. Although the percentage increased slightly to 13% in 2013, most industry sectors have seen a payoff from preventive measures.

The medical sector is not having a similar experience. More than half of the breaches because of data on the move occurred in the health/medical sector.

DataMove

For instance, in California, Palomar Health recently experienced a data breach when an encrypted laptop and two unencrypted flash drives were taken from a staff member’s car. The devices exposed the personal health information of 5,000 patients. In Michigan in late January, a laptop computer and flash drive were stolen from an employee of the state Long Term Care (LTC) Ombudsman’s Office. Information on the laptop was encrypted, but data on the flash drive was not. The flash drive contained personal information about 2,595 living and deceased individuals, including names and addresses and, for some individuals, dates of birth. Either a Social Security number or a Medicaid identification number was included with 1,539 records.

Data breaches pose a significant risk to consumers because of the correlation between breaches and identity theft. According to Javelin Research, one out of three people whose information was breached fell victim to fraud in the same year. When medical records or personal health information (PHI) are compromised, consumers are not only  facing an increased risk of medical identity theft. The risk for all types of identity theft is increased. (For more information on medical identity theft and its impact on the community, see the Medical Identity Theft and Fraud article on ITL).

The information entrusted to medical providers and insurance companies is often the same information that can be used to steal a person’s identity and commit financial identity theft, government identity theft and even criminal identity theft. In addition to receiving medical goods and services or prescriptions in the victim’s name, a thief could obtain loans or new lines of credit, apply for government benefits or file a false tax return. The perpetrator could even use the victim’s name if caught while committing a crime.

“Whether sensitive data is at rest or in transit, it should have appropriate risk-based controls and policies applied to its governance,” says Ann Patterson, program director with Medical Identity Fraud Association, which unites all the stakeholders and helps to convey the importance of these best practices. “The same judicious enterprise-wide data protection principles that you apply to your data at rest should also be considered for your data in transit and your mobile data. Particularly for mobile, BYOD policies (Bring Your Own Device) are essential.”

According to MIFA, many organizations are feeling the impact of shrinking budgets and may be tempted to reduce costs by limiting financial resources for internal fraud detection and prevention programs.  This may provide immediate help to the bottom line. But in the long term it’s the wrong solution. Costs creep up in other areas when fraud is ignored.  This could result in an organizational culture shift; as the old saying goes, what we allow, we encourage.

Coupled with human resources divisions, the fraud detection and prevention programs often provide employee training and formulate best practices in regard to fraud reduction.

The ITRC realizes the critical importance of information management and data security. We believe strongly in the importance of educating consumers and businesses about  the value of our individual data and the importance of personally identifying information (PII). For this reason, our organization began tracking data breaches in 2005. Tracking breaches has allowed us to look for patterns in regard to how our information is being safeguarded, or compromised, by those we trust with it.

The ITRC defines a data breach as an event in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format. The ITRC will capture breaches that do not, by the nature of the incident, trigger data-breach-notification laws. Generally, these breaches consist of the exposure of user names, emails and passwords without involving sensitive personal identifying information. These breach incidents will be included by name but without the total number of records exposed. (For a more detailed explanation of our methods, visit the ITRC breach report page).

Data breaches and identity theft have been on the rise and have a significant effect on the individual victims as well as on the U.S. economy.  We acknowledge that there is no panacea to rid ourselves of this issue entirely. However, encouraging negligence by not providing employees with the proper tools, and simply not acknowledging the problem, is not the answer, either.

Small and steady gains can be made by implementing training and increasing accountability for the individuals and organizations that we entrust to be good stewards of our PII.  A good start would be to understand and recognize how each type of incident plays a role and identify deficiencies.

Another option for organizations is to get involved with industry and trade organizations that also tackle issues related to data breach best practices daily. Businesses want to keep proprietary information close to the vest, but best practices about breaches should not be a trade secret.  A highly engaged and enlightened health/medical community would be a step in the right direction.

Medical Identity Theft And Fraud

Medical identity theft (MIDT) is a crime that has profound consequences for patients, insurance providers, and health care providers. The definition of medical identity theft is the fraudulent use of an individual’s personally identifiable information (PII), such as name, Social Security number, and/or medical insurance identity number to obtain medical goods or services, or to fraudulently bill for medical goods or services using an unlawfully obtained medical identity. Unfortunately, the definition of medical identity theft and the consequences that are associated with the crime are not common knowledge to the general public.

A recent study conducted by Harris Interactive on behalf of Nationwide Insurance found that only one in six (~15%) of insured adults say they are familiar or very familiar with the term “medical identity theft.” Of the 15% that professed familiarity with the term, only 38% could correctly define what a medical identity was (Medical ID Theft Study 4). Unfortunately, this lack of widespread understanding of medical identity theft by consumers is part of the problem and it is costing consumers, insurers, and healthcare providers alike.

According to the most recent Ponemon Institute Research Report, 1.85 million Americans were affected by medical identity theft in 2012. This is a dramatic increase from the 1.49 million affected by medical identity theft in 2011, amounting to an almost 25% increase in just one year (Third Annual Survey 1). This rate of growth has the potential to explode due to several reasons. First, The Affordable Care Act is estimated to reduce the number of uninsured by approximately 30 million (Insurance Coverage Provisions 13), drastically increasing the number of insurers and insured patients that are targets for medical identity theft. Second, HIPAA policies and new rules under HITECH are increasing the use of electronic health records (EHRs) which can be vulnerable to data hackers. And lastly, the data hackers themselves are more sophisticated and cognizant of ways to profit off of personal data than ever before. All these factors combined pose a very serious dilemma in controlling the rate of growth for medical identity theft. Ponemon estimates that the cost of medical identity theft to consumers in 2012 was approximately $41 billion (Third Annual Survey 1). This does not include the untold cost borne by healthcare and insurance providers. We cannot afford the cost of letting this crime grow.

In order to minimize the effects of medical identity theft we must better understand the nature of medical identity theft. The Identity Theft Resource Center (ITRC) knows it is important to assess how consumers’ identities are stolen, how they find out they have fallen victim to this crime, and how difficult it is to resolve once discovered. The Identity Theft Resource Center believes this information can be used to educate and make aware the general public as to what medical identity theft is and how they can minimize their risk or mitigate the cost once they become a victim.

Looking at how medical identity theft victims discover they have fallen victim to this crime is crucial in determining what can be done to discover medical identity theft sooner to avoid increased expenses and instances of fraud. The 2012 Ponemon report found that the most common way (39%) people discover they have become victims of identity theft is by receiving collection letters for delinquent bills. This is bad news as this means the costs for the fraudulent services worked their way through the providers’ billing systems and languished there until they were forwarded to collection departments or agencies. In the time it took for the bill to make it to the collection department or agency, the imposter could have committed many more instances of fraud in different locations. The second most common method of discovery (32%) was by noticing mistakes in their health records, tipping them off to the medical identity theft. This is also bad news as mistakes in health records can have catastrophic consequences which can be fatal.

Fortunately, the third most common method (26%) of discovering identity theft was by victims noticing suspicious postings to a statement or invoice, such as an Explanation of Benefits statement. This is very good news as this usually means the victim is discovering their medical identity theft as early as possible. The earlier the victim notices the crime, the more likely they may avoid damage to their credit score, stop future abuse of their medical identity, and reduce the amount of time and money spent to rectify the issue. This statistic is even more interesting when compared to the previous two years of the Ponemon study, where only 9% of participants indicated that they discovered their medical identity theft via suspicious statements of invoices. This is a promising example of how educating and making consumers aware of medical identity theft can make a big difference in helping reduce the incidence of medical identity theft and its costs as a whole.

Looking into the mitigation process victims are confronted with after they discover their medical identity theft reveals the costs and trouble they have to go through to clear their names. There are two distinct objectives when mitigating medical identity theft. First, the victim must deal with an individual incident such as a thief receiving medical care under the victim’s name and the associated fiscal impact the crime imposes. Second, the victim must now deal with the task of “curing” themselves of medical identity theft, insuring that their medical identity is not abused again in the future. This second objective is extremely difficult and contributes to the devastating nature of medical identity theft.

Regarding the first objective, the process for rectifying an individual incident of medical identity theft is complicated and drawn out. The victim must immediately contact the medical records and billing departments of the healthcare provider that provided the services to the imposter, request their medical records, and inform the provider that they are not responsible for the fraudulent bills. Upon learning that there may be fraudulent information in the victim’s medical record, the healthcare provider may deny the victim access to their medical record for fear of violating the Health Insurance Portability and Accountability Act (HIPAA). HIPAA protects the privacy of patients’ medical records making healthcare providers worry that they may be violating the imposter’s privacy rights by releasing the medical record to the victim. Oftentimes, the healthcare provider does not know for a fact that the fraudulent information in the medical record was a result of medical identity theft and cannot rule out that it may simply have been an accidental mixing of two patients’ records. Regardless of the situation, the healthcare provider is afraid of incurring liability under HIPAA for releasing confidential medical information even if it is under the victim’s name. The victim may have to appeal the decision in order to be able to view their records.

In one case, a medical identity theft victim was charged for bills related to the alleged amputation of one of her feet. Luckily, this was easily refutable as she would simply show the hospital billing department that she still has her two feet. Unfortunately, the imposter also had diabetes which prompted a physician, during a subsequent hospitalization, to ask the victim what medications she was taking to treat her diabetes. Note, the victim has never had the disease (Menn). This case demonstrates how frustrating correcting medical records can be and reminds us how dangerous medical identity theft is to the victim.

It is also recommended that victims file a police report and submit a copy of the report to healthcare providers as it will usually help streamline the process. It is important for victims to note that medical identity theft, like any other form of identity theft, is a crime police are required to provide a police report for in most states. Once the incorrect information is identified, the victim must request that the healthcare provider either remove the information or at least flag it should the provider be reluctant to permanently remove it. After correcting the records at the location the imposter received medical services, the victim will then have to request an accounting of disclosures listing all the entities to which the healthcare provider sent the victim’s fraudulent records. The victim must repeat this procedure at each location that has their fraudulent medical record. All of this creates mountains of work for healthcare providers, insurers, and the victims themselves which increases costs in the medical industry for everyone involved.

The second and more difficult objective, “curing” oneself of medical identity theft, does not have a set solution. The problem stems from the decentralized structure of the medical data system. Every healthcare provider, pharmacy, and insurer has its own records and records system. In contrast, the financial industry has three major credit reporting agencies through which almost all financial credit information is processed. Therefore, when you have suffered financial identity theft, a great way to mitigate future instances of fraud is to place a credit freeze with all three credit reporting agencies so that identity thieves cannot abuse your credit again. There is no such central medical record agency for medical records. Thus, it is possible for a medical identity thief to commit fraud with the same medical identity over and over again in multiple locations around the country. The victim will have to go through the individual incident mitigation process every time and just hope that the identity thief will stop using their medical identity.

Since there is no way to get ahead of the thief and prevent the medical fraud from occurring, the best way to mitigate the costs and effects of medical identity theft is for the victim to be vigilant and confront each instance of fraud as soon as possible in order to reduce the amount of wasted time and costs. This repetitive cycle is exhausting and costly for the victim as well as healthcare providers and insurers. In all three years Ponemon has conducted this survey, the number of victims who said they had completely resolved their medical identity theft never exceeded 11% (Third Annual Survey 11). This is an ongoing problem that does not yet have a solution, but it is imperative for all stakeholders to be involved.

All of this information points us to the realization that medical identity theft is a costly and potentially dangerous crime that is incredibly difficult to resolve. To make matters worse, medical identity theft often goes undiscovered for long periods of time and only becomes more detrimental and difficult to resolve the longer it goes undetected.

The Identity Theft Resource Center proposes that one of the best methods of reducing medical identity theft and the costs associated with it is an educated and aware consumer population. To make this point, it is useful to separate out the causes of identity theft listed in the Ponemon report into two groups. The first group includes causes of identity theft that victims have no control over: healthcare provider used identification to conduct fraudulent billing (22%), malicious employee in the health provider’s office stole health information (7%), and the healthcare provider, insurer or other related organization had a data breach (6%). In total, 35% of the causes of identity theft cannot be affected by actions of the consumer. The second group consists of causes of identity theft that a consumer does have a degree of control over: family member took personal identification credentials without my knowledge (35%), mailed statement or invoice was intercepted by the criminal (6%), lost a wallet containing personal identification credentials (5%), and a phishing attack by criminal who obtained personal identification credentials (4%). Thus, the total of causes of medical identity theft that can be affected by actions of the consumer is 50%. It should be noted that 15% of the participants still did not know how they had their medical identity stolen.

Looking at the numbers above, it is clear that the consumers themselves can have the largest impact in reducing the number of medical identity theft cases and the severity of the cases that still occur. Not only do the consumers themselves have the best ability to reduce the risk of medical identity theft happening to them, they are the only people that can reduce the severity of the crime when it does happen. The Identity Theft Resource Center has long understood the ramifications of medical identity theft on the consumer population as well as the medical industry itself. We know that educating the consumer population can be cost-effective and powerful.

The Identity Theft Resource Center is a founding organization of the Medical Identity Fraud Alliance, the first public/private sector-coordinated effort with a focused agenda that unites all the stakeholders to jointly develop solutions and best practices for medical identity fraud. We encourage all industry stakeholders to join so that we can work together in galvanizing the consumer population into becoming the most effective weapon yet against medical identity theft.

How Consumers Can Minimize Their Risk Of Medical Identity Theft

  • Review Explanation of Benefit statements as soon as you receive them as they may detail medical services that you never received.
  • Review your credit reports multiple times a year to see if any fraudulent accounts have been opened in your name, or if any medical bills have been reported as unpaid.
  • Be aware of phishing emails. These emails are designed to look like they are official communications from either a healthcare provider or insurer and ask for personal information such as a Social Security number, insurance policy number, or other information used to commit medical fraud in your name.
  • Do not open attachments in emails from people you are not familiar with as it may have a virus or program to steal information from your computer.
  • Use a Virtual Private Network when using the Internet outside of your home as this will encrypt your signal from your mobile device or laptop.
  • Do not carry your Medicare card, Social Security card, or certain military identification as these have your Social Security number on them. Should you lose your wallet or purse or have it stolen, this information would be extremely valuable to a medical identity thief.
  • Shred or safeguard any documents with personally identifiable information by either locking them in a safe hidden in the home or by storing them on an encrypted thumb drive and deleting them off your computer. Sensitive documents with PII include:
    • Tax preparation papers
    • Explanation of Benefits statements
    • Medical Bills or Records
    • Bank Statements
    • Passport
    • Medicare, Social Security, or military identification card

References
Nationwide Mutual Insurance Company. “Medical ID Theft Study Results.” March 2012. Print.

Ponemon Institute. “Third Annual Survey on Medical Identity Theft.” June 2012. Print.

Congressional Budget Office. Estimates for the Insurance Coverage Provisions of the Affordable Care Act Updated for the Recent Supreme Court Decision. U.S. Government Printing Office. July 2012. 13 December 2012. http://www.cbo.gov/sites/default/files/cbofiles/attachments/43472-07-24-2012-CoverageEstimates.pdf

Menn, Joseph. “ID Theft Infects Medical Records.” Los Angeles Times. 25 Sept. 2006. N.pag. Web. 20 Dec. 2012