Medical Identity Theft: Discussion – New Consumer Tips for Medical Identity Theft Victims
Based on the cases of medical identity theft that have come to light, it is possible to articulate some advice specifically tailored to victims of medical identity theft.  This advice includes the following recommendations:
- Closely monitor any “Explanation of Benefits” sent by an public or private health insurer. If anything appears wrong, raise questions with the insurer or the provider involved. Do not assume that things are okay just because you don’t owe money.
- Once a year, pro-actively request a listing of benefits paid in your name by any health insurer that might have made payments on your behalf.
- Request annually (or more often if there is a specific cause for concern) an accounting of disclosures from health care providers and health insurers.
- Request a full copy of current medical files from each health care provider.
- If a healthcare provider, for example, a hospital, refuses to release medical files that are in your name, file an appeal under HIPAA at the hospital. File a complaint with the Office of Civil Rights at the federal Department of Health and Human Services if you are not satisfied. Consider seeking assistance from state health departments, fraud investigators elected representatives, or lawyers if you believe that the denial of access may be covering medical identity theft.
- If you discover your medical or insurance records contain false information, work to amend those records. If you find information that is not about you or that bears no relationship to treatment that you did not receive, demand that the false information be removed entirely from the record.
The World Privacy Forum will publish on its web site a set of detailed consumer draft letters to help victims find and correct their records.
Medical identity theft is occurring right now. Victims are being harmed right now. Victims are experiencing a disturbing lack of recourse, lack of redress, and inability to recover from the crime due to structural, systemic problems built into the system.
There are not clear numerators for this crime, and in general, it appears that it is just now that the health care provider community is beginning to take some small preventive steps such as checking identification. However, this will not be enough to stop medical identity theft. This is a crime that is often committed by people who know they can make a lot of money from patients and the health care system, and these individuals are often running sophisticated schemes that are difficult to detect.
It is crucial to see the problem of medical identity theft clearly. This will take research and serious studies by both the government and the private sector. Survey instruments need to be designed anew, and need to include questions that will cull out and differentiate medical identity theft as a separate, unique crime so as to begin to better grasp its movements and characteristics.
Consumer education programs for victims of financial identity theft are well-refined; medical identity theft victims are in need of this same kind of refined information that is focused on the problems unique to medical identity theft, such as problems with medical files and amending records at insurers.
Some promising predictive technologies are in process now for health care fraud, and experts such as Malcolm Sparrow have created greater understanding of how to measure fraud. This learning needs to be applied to any iteration of the NHIN. To date, the NHIN has not been well-defined, and it may be over promising on what it can deliver. Going forward, the NHIN planning must include thoughtful and meaningful participation of fraud experts, identity theft experts, technology and security experts who do not have a financial stake in the outcome, medical experts, privacy experts, and most importantly, people who are patients and who have been victims of this crime.
The victims who have been impacted by medical identity theft have to date been largely ignored, despite the serious consequences and harms they must face and deal with. It is now time to work diligently to create new pathways of help and recourse for these victims, who deserve to be heard and helped.
Pam Dixon, Executive Director, World Privacy Forum.
Contributor: Robert Gellman.
The author would like to thank the following individuals and organizations for their contributions to this report:
Malcolm K. Sparrow generously suggested the broad outline for this report. His comments about useful writing approaches to the complexity of fraud issues were greatly appreciated, and were useful.
Caitlin Tobin at the Federal Trade Commission performed miracles with FOIA requests.
Nils Frederickson at the Pennsylvania Attorney General’s office
Los Angeles FBI Health Care Fraud Unit
Mike Ingram, California Department of Insurance SIU Bureau Chief
David Burnham at Transactional Records Access Clearinghouse (TRAC) Connie Woodhead
Carolyn Pennington and Marie Whelan at the University of Connecticut
For More Information:
PDF version of full report is located at <http://www.worldprivacyforum.org/pdf/wpf_medicalidtheft2006.pdf>
For updates to this report and other documents related to the report, see the World Privacy Forum’s Medical Identity Theft page at <http://www.worldprivacyforum.org/medicalidentitytheft.html>
For More Information Contact:
World Privacy Forum
The World Privacy Forum is a 501 (C) (3) non-profit, tax-exempt organization. Its focus is on public interest research and consumer education relating to privacy topics.
Version 1.4.1 May 8 2006
 Victims of medical identity theft who also experience financial consequences should see the following thorough resources for dealing with this aspect of the crime: Federal Trade Commission <http://www.ftc.gov>; Privacy Rights Clearinghouse <http://privacyrights.org>; Identity Theft Resource Center <http://www.idtheftcenter.org>.
Roadmap: Medical Identity Theft – The Information Crime that Can Kill You: Part II Discussion – New Consumer Tips for Medical Identity Theft Victims