Medical Identity Theft: Discussion – Medical Identity Theft by the Numbers: How Prevalent is this Problem?

Report home | Read the report (PDF) | Previous section | Next section


Medical Identity Theft by the Numbers: How Prevalent is This Problem?

There are unambiguous indications that medical identity exists, and clear indications that this crime is a substantial problem based on the presence of statistical frequency, the presence of prosecutions, and anecdotal evidence from investigators in the field and other members of law enforcement. Statistically, medical identity theft can be viewed both as a subset of identity theft, and as a subset of health care fraud. These two information areas can help gauge the broad trend lines of medical identity theft.

The broad statistics relating to health care fraud clarify that it is an area of crime that rakes in billions of dollars each year. While not all of health care fraud is medical identity theft, the fact that high dollar criminal schemes are already established in this area is not a positive indicator for the chances of medical identity theft going away any time soon. In testimony about the problems of health care fraud FBI director Louis Freeh has said:

“In South Florida and Southern California, we have seen cocaine distributors switch from drug dealing to health care fraud schemes. The reason – the risks of being caught and imprisoned are less. Drug dealers who are committing health care fraud know that they likely will face only minor punishments because law enforcement is not yet equipped with the laws needed to effectively attack this problem.” [30]

The statistics of health care fraud are not currently configured in such a way to allow even an educated guess as to what percent of health care fraud is comprised by medical identity theft. However, general identity theft surveys have included questions about medical identity theft, and as such, give more indication as to what percent of identity crimes are comprised by medical identity theft.

The following discussion of the available statistical numbers following looks first at statistics that specifically inform about medical identity theft. A background discussion of overall identity theft statistics and overall health care fraud statistics is included at the end of this section.


Statistics Specific to Medical Identity Theft

There is a small set of statistics that points to medical identity theft. These statistics, when analyzed in conjunction with the larger universe of health care fraud statistics, suggest that medical identity theft, while reported, is likely to be underreported, and that what is seen may be barely the tip of the iceberg.

Consider these numbers:

Federal Trade Commission Medical Identity Theft Complaints

The Federal Trade Commission has recorded that a total of 19,428 individuals have filed complaints specifically concerning medical identity theft at the Federal Trade Commission from January 1, 1992 to April 12, 2006 though its Consumer Sentinel database.31 For the FTC, which is an agency that does not handle medical issues, nineteen thousand-plus complaints is a high number.

The Federal Trade Commission tracks identity theft complaints through its Identity Theft Clearinghouse. There are two relevant statistics that come from this data: complaints made about use of identity for medical services, and complaints about use of Government benefits, such as Medicare/Medicaid (though this complaint area is not limited to just Medicare/Medicaid.) [32]

  • The number of total people identifying themselves as victims of identity theft has risen each year from 86,168 victims in 2001 to 255,565 victims in 2005.
  • The number of people who had their Government benefits misused each has risen steadily from .4 percent of all victims in 2001 to 1.5 percent of all victims in 2005.
  • The number of people who experienced medical identity theft rose from 1.6 percent in 2001 to 1.8 percent in 2005.

Social Security Administration/Office of Inspector General (SSA/OIG) Hotline Data

The Social Security Administration/Office of Inspector General (SSA/OIG) has a hotline that receives allegation of Social Security Number misuse. A GAO report captured intriguing statistics regarding this hotline. In February 2001, SSA/OIG began sorting their calls into 16 categories of SSN misuse. One of those categories is misuse of Social Security Numbers for medical care. March through September 2001, the fraud hotline received 25,991 identity theft allegations. Medical care comprised 2.1 percent, or 548 allegations. [33]

FTC 2003 Identity Theft Survey

The FTC 2003 Identity Theft Survey identified a broad segment of individuals, who when surveyed said that they had “discovered that their personal information had been misused to open new accounts, to obtain new loans, or to commit theft, fraud, or other crimes. (“New Accounts & Other Frauds” ID Theft).” [34] This group comprised 1.5 percent of all identity theft victims., or almost 3.25 million individuals, according to the FTC. The FTC includes gaining medical treatment in this category. This number indicates that an unknown portion of approximately 3.25 million American adults had their information used to get medical care .

Regarding existing accounts, the FTC found that 2 percent of victims had had their insurance accounts taken over. Again, the type of insurance was not differentiated to be either auto or medical, so this statistic is not highly articulated regarding medical identity theft.

Identity Theft Resource Center 2003 and 2004 Survey

The Identity Theft Resource Center, in its 2003 survey “Identity Theft: The Aftermath 2003” found that 13 percent of respondents said that: “Using my information, someone obtained medical services.” The 2004 follow up survey found that 12 victims, or 23 percent of respondents experienced this. Both surveys also found that despite the right to correct records for financial identity theft victims, 70 in 2004 and 66% in 2003 said that there was still negative information in their records.35 197 respondents completed the 2004 survey, 180 completed the survey in 2003. The respondent pool was comprised of victims of identity theft.

Number of Prosecutions

Though there are not national survey statistics about medical identity theft prosecutions, the California Attorney General’s Office, the New York Attorney General’s Office, and the Pennsylvania Attorney General’s office have prosecuted large cases of medical identity theft, where there was a clear intersection between health care fraud and identity theft. As a trend indicator, these prosecutions indicate at the very least the presence of a trend, if not an uptick. In California and New York, the cases involved large, complex, organized schemes involving the theft of many identities.

Conclusions regarding the medical identity theft indicators

It is not possible to draw clear, sharp conclusions from this body of statistics. However, these statistics are useful and suggest a few broad conclusions.

  • Medical identity theft has been repeatedly documented as a facet of identity theft crimes.
  • Medical identity theft appears to be increasing, based on the numbers available.
  • Data from hotlines and census-style identity theft surveys with questions about medical use of data point with some consistency toward a number in the approximate area of 1.5 to 2 percent for rate of medically-related identity theft in comparison with other forms.
  • Medical identity theft, as articulated by the numbers available, translates in number of victims in 2003 to a range of a minimum of about 3,500 victims to up to a theoretical maximum of almost 3.25 million victims. However, our best estimate is that there could be as many as a quarter to a half million people who have been victims of this crime. [36]

This estimate is highly uncertain because of the lack of comprehensive or firm data. Hopefully, in several years this measurement will be more precisely narrowed by additional studies on medical identity theft.


Background: General Statistics on Identity Theft

Though it is not yet a mature body of research, identity theft has begun to acquire the beginnings of some statistical information regarding its scope, mechanics, and incidence.

An early study of identity theft in 2000 by the Privacy Rights Clearinghouse and CALPIRG contained several key recommendations which later became law, for example, the report recommended that consumers have the right to one free credit report each year. [37]

Three studies, the 2003 FTC Identity Theft Survey, the BBB/Javelin Survey, and the Department of Justice survey released in 2006 are broad national studies that deserve some discussion. The FTC survey and the BBB/Javelin survey have used nearly identical survey instruments, which has provided the beginnings of a longitudinal data set on identity theft. For example:

  • 2005: The Better Business Bureau/ Javelin survey found that in the number of US adult victims of identity fraud was 8.9 million in 2005. [38]
  • 2004: The Better Business Bureau/ Javelin survey found that in 2004, 9.3 million Americans were victims of identity theft. [39]
  • 2003: the FTC Identity Theft Survey found that about 10.1 million people were victims of identity theft. [40]

The Department of Justice identity theft survey, released in April 2006, found that an estimated 3.6 million households (approximately 3 percent of all households in the nation) had learned they were the victim of at least one type of identity theft during a six-month period in 2004. [41] The survey instrument for this study differed from the Javelin and FTC studies.

In the future, survey instruments, particularly large ones, need to differentiate medical identity theft as a separate issue from uses of insurance information, and the survey instruments need to differentiate harms resulting from medical identity theft as separate from financial harms. [42]


Background: General Statistics on Health Care Fraud

Health care fraud encompasses many types of fraud and abuses, including but not limited to medical identity theft. It is unknown what percentage medical identity theft comprises of the fraud statistics, and it is not possible at this time to estimate that number to any degree of accuracy. This is a frustrating problem that is not new just to the understanding of medical identity theft. In 2000, Penny Thompson, the Program Integrity Director for the Health Care Financing Administration, testified about the problems of measuring fraud in Medicare and Medicaid programs. She noted:

“Certain kinds of fraud–such as falsification of medical records–probably would not be detected through current methodology. And other kinds of fraud—on cost reports, for example–are not detectable in a claims-based sampling environment. … Fraud measurement is, in fact, uncharted territory. Our progress in pioneering payment accuracy projects might not even be directly relevant to helping us navigate this new territory. Some experts suggest that a statistically valid estimate of fraud might not be possible at all, given the covert nature and level of evidence necessary to meet the legal definition of fraud. And methods to establish fraud might be considerably different than those used to detect other payment errors.” [43]

Fraud measurement is a challenging measurement environment, and the statistics that exist do not attempt to differentiate medical identity theft as a subset. This report could spend considerable pages discussing statistics detailing claims error rate and money recovered from fraud, and more. But the more useful approach at this point is to gauge how large the overall problem is, and where the trend lines lie.

Health care fraud accounts for an estimated 3 to 10 percent of all health care costs, or 80 to 120 billion dollars of loss per year. [44] This is a number that is so large, it is difficult to comprehend. Malcolm Sparrow, a Harvard professor who has done seminal work on understanding and quantifying health care fraud, explained the scope of the fraud problem:

“How much gets stolen? The magnitude of the problem is measured in terms of hundreds of billions of dollars each year. How many hundreds of billions of dollars? For the time being, nobody knows for sure. If we were lucky, perhaps just one hundred billion. More likely two or three. Quite possibly four, and conceivably five.” [45]

Hotline Statistics

• The Office of the Inspector General of Health and Human Services TIPS line accepts calls about health care fraud and abuse. In 1998, that line received 76,000 calls. In 1999, the TIPS line received approximately 300,000 calls. [46] Private insurers also maintain fraud tips lines, which then pass those tips to their internal investigation units.

• In 2004, BlueCross/Blue Shield plans nationwide received more than 80,000 calls to their anti-fraud hot lines, which was a 15% increase over calls from 2003. [47]

Referrals the Inspector General’s Office of HHS took Some Form of Action On

Health care fraud referrals that the Inspector General’s Office of HHS took action on have risen steadily. In 2001, the IG took action on 14 percent of referrals or 77 referrals. In 2005, it took action on 30 percent of referrals, or 165 referrals. The total number of referrals the HHS Inspector General’s Office has taken action on is 550. Of these referrals, 22.9 percent were dismissed for lack of evidence of criminal intent, 17.5 percent received a Plea (District court), and 2.4 percent went to a jury trial (District court). [48]

Health care fraud prosecutions follow an arc that peaks in the year 2000 then drops. In 1991, 147 health care fraud prosecutions were filed by all Federal agencies, resulting in 26 convictions. Filings steadily rose and reached a peak during 2000 with 705 prosecutions filed and 471 convictions, and have broadly declined since. In 2005, 605 prosecutions were filed resulting in 516 convictions. [49]

In 2000, the median prison term for health care fraud was 5 months. In 2005, the median prison term for health care fraud was 0 months. [50]

As cited in Best’s Review, BlueCross/BlueShield referred 663 fraud cases to law enforcement authorities in 2004, and 189 warrants and indictments were issued. [51]






[30] Statement of Louis J. Freeh, director, Federal Bureau of Investigation, before the Special Committee on Aging, U.S. Senate. Federal News Service, March 21, 1995.

[31] Statistic provided in response to a World Privacy Forum FOIA request to the Federal Trade Commission, FTC FOIA-2006-00560.

[32] See the Federal Trade Commission’s ID Theft Clearinghouse Data, available at: <>.

[33] Government Accountability Office, Identity Theft Prevalence and Cost Appear to be Growing, March 2002 (GAO-02-363) at 30.

[34] FTC Identity Theft Survey 2003, September 2003. Available at <>. See page 4 and page 33. From page 4: “1.5 percent of survey participants reported that in the last year they had discovered that their personal information had been misused to open new credit accounts, take out new loans, or engage in other types of fraud, such as misuse of the victim’s name and identifying information when someone is charged with a crime, when renting an apartment, or when obtaining medical care (“‘New Accounts & Other Frauds’ ID Theft”). This result suggests that almost 3.25 million Americans discovered that their personal information had been misused in this kind of fraud in the past year.”

[35] The ITRC 2003 and 2004 surveys are available at <> and <> respectively.

[36] Statistics are from the FTC Identity Theft Clearinghouse data, taken from the FTC Consumer Sentinel database. The bottom range of this figure represents 1.8 percent of 214, 905 victims, which is the percent of victims that said they experienced medical identity theft in 2003. The larger figure of “approximately 3.25 million” is taken directly from the FTC 2003 Identity Theft Survey. The number represents the entire category of “New Accounts & Other Frauds’ ID Theft” which includes use of identity information for medical purposes. See pages 4, 13, and Table 1. 2003 FTC Identity Theft Survey Report, September, 2003, Federal Trade Commission.

[37] Study available at <>.

[38] <>. See also <> and <>. 39 <>.

[40]Federal Trade Commission, Identity Theft Survey Report (Sept. 2003). <>.

[41] Katrina Baum. Identity Theft, 2004. Released April 2, 2006. (NCJ-212213). <>.

[42] The World Privacy Forum submitted comments suggesting changes to the FTC identity theft survey instrument in response to FTC’s Federal Register notice of 18 November2005, 69970, Vol. 70, No. 222 requesting input. The comments may be read at <>.

[43] Federal News Service. July 12, 2000. Prepared testimony of Penny Thompson Program Integrity Director, Health Care Financing Administration. Before the House Budget Committee Task Force on Health. Medicare and Medicaid program integrity.

[44] Government Accountability Office, May 7, 1992. T-HRD-92-29. Health Insurance: Vulnerable Payers Lose Billions to Fraud and Abuse. Statement of Janet L. Shikles, Director, Health Financing and Policy Issues, Human Resources Division. “Though no one knows for sure, health industry officials estimate that fraud and abuse contribute to some 10 percent of U.S. health care’s current $700-plus billion in costs,” p. 2.

[45] Malcolm K. Sparrow, License to Steal: How Fraud Bleeds America’s Health Care System, at Preface (Westview Press, 2000).

[46] The Department of Health and Human Services And The Department of Justice, Health Care Fraud and Abuse Control Program.Annual Report For FY 1999. See “Beneficiary Outreach” section.

[47] “Fighting On New Fronts.”October 1 2005, Best’s Review.

[48] Statistics obtained by Transactional Records Access Clearinghouse using FOIA. Statistical reports were generated by TRAC for the World Privacy Forum. TRAC is a data gathering, data research and data distribution organization associated with Syracuse University.<>.

[49] Ibid.

[50] Ibid.

[51] “Fighting On New Fronts.”October 1 2005, Best’s Review. See also <>.



Roadmap: Medical Identity Theft – The Information Crime that Can Kill You: Part II Discussion – Medical Identity Theft by the Numbers: How Prevalent is this Problem?


Report home | Read the report (PDF) | Previous section | Next section