Medical Identity Theft
About medical identity theft, the World Privacy Forum medical identity theft report, and our key resources
The World Privacy Forum is the leading expert on medical ID theft. We published the first major report about medical identity theft in 2006 and brought this crime to the attention of the public for the first time. We maintain up-to-date information and tips for victims, as well as conduct and publish new research.
What is medical identity theft?
Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity — such as insurance information — without the person’s knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name.
Medical identity theft is a crime that can cause great harm to its victims. Yet despite the profound risk it carries, it is the least studied and most poorly documented of the cluster of identity theft crimes. It is also the most difficult to fix after the fact, because victims have limited rights and recourses. Medical identity theft typically leaves a trail of falsified information in medical records that can plague victims’ medical and financial lives for years.
Key World Privacy Forum Medical ID Theft Resources:
See the blog roll below for news and new content by date.
World Privacy Forum information and materials on medical identity theft.
Medical ID theft update — The World Privacy Forum is quoted in a Marketplace story regarding our most recent medical identity theft research. WPF wrote the first major research on medical ID theft and coined the term. Our consumer resources for detecting, preventing, and resolving the crime are located here.
Data Breach | HHS HITECH Breach Notification — The World Privacy Forum filed comments on the HHS data breach rulemaking and asked for substantive changes in several areas. In particular, WPF asked HHS to expressly state a requirement for a breach risk assessment in the final rule itself, and to set a requirement that the risk assessment must be conducted by an independent organization. The WPF also asked that HHS set breach risk assessment standards so that there is some uniformity and guidance as to what constitutes an appropriately rigorous risk assessment when a breach occurs. In the comments, WPF also discussed the relationship between medical identity theft and medical data breach and how this impacts patients and consumers.
WPF Red Flag Report — The World Privacy Forum has updated its Red Flag report, Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers. The update reflects the new effective date of the Red Flag Rule, (November 1, 2009) and incorporates other minor updates in the text. This report replaces the original Red Flag report published September 2008.
New Health Privacy Resource — The Patient’s Guide to HIPAA is the first comprehensive guide to medical privacy written expressly for patients with a practical eye as to how to use the law to protect privacy. It is a major privacy resource for patients, written directly and without legalese. The Patient’s Guide to HIPAA is