Medical Identity Theft
About medical identity theft, the World Privacy Forum medical identity theft report, and our key resources
The World Privacy Forum is the leading expert on medical ID theft. We published the first major report about medical identity theft in 2006 and brought this crime to the attention of the public for the first time. We maintain up-to-date information and tips for victims, as well as conduct and publish new research.
What is medical identity theft?
Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity — such as insurance information — without the person’s knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name.
Medical identity theft is a crime that can cause great harm to its victims. Yet despite the profound risk it carries, it is the least studied and most poorly documented of the cluster of identity theft crimes. It is also the most difficult to fix after the fact, because victims have limited rights and recourses. Medical identity theft typically leaves a trail of falsified information in medical records that can plague victims’ medical and financial lives for years.
Key World Privacy Forum Medical ID Theft Resources:
See the blog roll below for news and new content by date.
Medical ID theft — The World Privacy Forum has released a new map that reveals the geography of medical identity theft. This is the first map of its kind, and is based on the Federal Trade Commission Consumer Sentinel data. The map is interactive, and gives details on the cities where medical identity theft occurred over the course of a year. The World Privacy Forum published the first report on medical identity theft in 2006, coining the term in the report and bringing the crime to public attention. WPF continues to actively research this important privacy issue.
World Privacy Forum information and materials on medical identity theft.
Medical ID theft update — The World Privacy Forum is quoted in a Marketplace story regarding our most recent medical identity theft research. WPF wrote the first major research on medical ID theft and coined the term. Our consumer resources for detecting, preventing, and resolving the crime are located here.
Data Breach | HHS HITECH Breach Notification — The World Privacy Forum filed comments on the HHS data breach rulemaking and asked for substantive changes in several areas. In particular, WPF asked HHS to expressly state a requirement for a breach risk assessment in the final rule itself, and to set a requirement that the risk assessment must be conducted by an independent organization. The WPF also asked that HHS set breach risk assessment standards so that there is some uniformity and guidance as to what constitutes an appropriately rigorous risk assessment when a breach occurs. In the comments, WPF also discussed the relationship between medical identity theft and medical data breach and how this impacts patients and consumers.
WPF Red Flag Report — The World Privacy Forum has updated its Red Flag report, Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers. The update reflects the new effective date of the Red Flag Rule, (November 1, 2009) and incorporates other minor updates in the text. This report replaces the original Red Flag report published September 2008.