Medical Identity Theft: Discussion – Some Dynamics of Medical Identity Theft

Report home | Read the report (PDF) | Previous section | Next section


Falsification of Medical Charts is a Root Issue

The intentional submission of false claims is the core of health care fraud, and the intentional misuse of personally identifying information is the core of identity theft. Medical identity takes elements from both crimes: medical identity theft is the intentional misuse of personally identifying information to receive medical goods or services, and it usually involves the creation of false medical records, or false entries into existing medical records.

That this happens frequently is well-known among those working in the trenches of insurance fraud. Insurance fraud investigators know that identity theft frequently leads to fraudulent insurance claims. In one case, for example, a person’s insurance card was stolen and used to obtain nearly $50,000 worth of medical care. [86] The World Privacy Forum’s interviews with investigators from multiple jurisdictions and agencies found that the concerns about identity theft and insurance fraud are widespread.

The prosecutor’s observations were echoed by the interviews the World Privacy Forum conducted with investigators from multiple jurisdictions and agencies.

Abundant evidence exists that the creation of false records can have profound impact which ranges from bad to potentially life-threatening. It is not unusual to find that victims’ medical records have been changed to match the diseases and bodies of the perpetrator of the crime when the thief seeks medical treatment. One victim of medical identity theft, for example, showed up for medical treatment to find that her blood type had been altered in her medical files. [87]

Because medical identity theft is a crime that operates in a digital environment, hundreds or even thousands of medical records at a time may be electronically altered to support fake medical billings in get-rich-quick-schemes. Depending on the scheme, the records can be changed in damaging ways. In California, unscrupulous medical providers were caught buying Medi-Cal and Medicare patient identity numbers. The thieves were using the patient’s identities to get reimbursed for millions of dollars in tests and other services that were never provided. The California Medi-Cal identity theft scam specifically involved bad actors using stolen patient information purchased for as little as $100. During interrogations, investigators learned that workers in medical records offices and billing departments had copied the information for cash. Investigators said searches had turned up medical charts in the process of being altered, with some that had been postdated or written up in a way that made no sense. [88]

No matter why or how it happens, when victims’ medical files are altered, it can have negative impacts on their lives. Victims may not be able to get health or life insurance due to diseases they never had that were recorded fraudulently in their medical files. They may receive improper treatment at a hospital emergency room or other health provider that is life-threatening due to misinformation in the medical file.


Who Commits Medical Identity Theft?

Identity theft can be committed by individuals, doctors, nurses, lab technicians, organized crime rings, and more. This report does not primarily focus on the mechanics of how the crime occurred. However, it is important to note that medical identity theft is an “insider” crime more often than not, and frequently involves health professionals at some level. One Medicaire/Medicaid fraud investigator interviewed for this report went so far as to say that the crimes she saw always had a component of a medical professional being involved. Sometimes, even the doctors are victims of identity theft; one of the mechanisms of medical identity theft in organized crime is to use a legitimate and innocent doctors’ identity to steal patient identities.


Organized Crime

Organized, complex schemes have been discovered in California, Florida, and New York. In the hands of organized crime, false claims are spread out across multiple patients, and the claim amounts are small. Malcolm Sparrow describes this process in his book, License to Steal:

“Most large fraud schemes are deliberately constructed around larger numbers of smaller claims (to avoid arousing suspicion.)” [89]

Organized patterns of this crime tend to involve what is called “clinic takeover.” This is where a group purchases a small clinic, operates the scam out it for a few months to a year, then shuts the operation down and disappears. The clinic may or may not be staffed with real doctors. Clinic takeover is particularly insidious because patients get taken into a slick scam and may have no idea that there was every a problem. Victims of clinic takeovers may in some cases be visiting clinics where each person they see there is involved in some way with the crime. [90]


Solo Identity Thieves

Lone identity thieves do commit medical identity theft. So far, the pattern appears to be that of a seasoned criminal committing the crime. Occasionally, an individual with no criminal background but who is desperate for health insurance will commit this crime. This occurred at the University of Connecticut. In that case, a man with AIDs used his cousin’s health insurance information to receive approximately $76,000 worth of treatment. [91]

The more experienced the criminal, the more likely they are to have acquired a fake driver’s license. This was the situation in a case in 2000 where a San Diego man used one victim’s identity to commit financial identity theft and to receive medical treatment while he was impersonating the victim. [92]


Doctors and Other Health Care Providers

Doctors can be involved in medical identity theft schemes. This does not represent the majority of doctors, rather it represents only a small percentage of bad actors. There are numerous ways the “bad actor” doctors have been involved. Some operate alone, some “rent” their license information to scammers, and some operate as the legitimizing factor for organized “clinic takeovers.”

One example of this occurred during 1995 to 1996. Six individuals who took over a clinic in Miami for a period of about a year submitted $6.5 million in claims, including claims for beneficiaries who never went to the clinic for services. The way the scheme operated was in cooperation with legitimate doctors who sold their medical licenses and provider numbers to the clinic. [93]


Relatives of beneficiaries

As in financial forms of identity theft, there are cases where siblings and extended family members have taken over the identity of an individual within the family. The University of Connecticut case is one example of this, as is the New Mexico case where a hospital near Albuquerque, New Mexico treated a woman for a toothache. When hospital staff called the patient to check on her condition, they discovered that the patient had impersonated her sister, who lived in the area. [94]



Individuals who work in settings where there is a lot of patient data may be tempted by the quick money medical identity theft provides. The pattern here is for people who have insider access to doctor’s offices or hospitals to copy patient information and sell it, or to use that information to help provide victims for more organized medical identity theft schemes.


Medical Identity Theft is a Crime that Hides

The reason health care fraud is so difficult to track is that the crime hides itself well. Sparrow has commented on this issue:

“With health care fraud, as with many other forms of white collar crime, what you see is not the problem. The problem, by its very nature, is largely invisible, and we make a grave mistake if we inform ourselves about the problem only by paying attention to what comes to light.” [95]

Financial identity theft — such as situations where a thief takes over a victim’s credit card account or uses the victim’s information to create new accounts — typically reveals itself on the victim’s credit card or in the victim’s credit report. Additionally, credit card companies and other financial institutions have sophisticated fraud detection systems that flag fraud attempts in real-time. Many people who use credit cards can identify a time that they received a phone call from a credit card company asking about “unusual activity” on their cards. As a result of these and other tools, quite often, victims of financial identity theft may discover the crime if they are paying enough attention. Currently, there are a number of mechanisms such as free credit report checks that help victims do just that.


[86] US Fed News. September 15, 2005. “Office of insurance fraud prosecutor charges Newark woman with using stolen identity to commit insurance fraud.” Dateline: Trenton, N.J.

[87] Federal Trade Commission, <>. August 18, 2000.

[88] See Jason Kandel, “Medi-Cal Fraud Flourishing on Black Market,” 7 August 2005, Los Angeles Daily News.

[89] Malcolm K. Sparrow, License to Steal: How Fraud Bleeds America’s Health Care System, at 51 (Westview Press, 2000)

[90] U.S. v. Dzugha, Case 5:05-cr-00589-JF (N. Cal). Indictment, pages 4 –7.

[91] Interviews with hospital staff members, also see University of Connecticut Advance, “Steps taken to stem healthcare identity theft,” September 7, 2005. <>.

[92] “FBI announces indictment and arrest in a case of identity theft,” Federal Bureau of Investigation San Diego Division press release, March 8, 2000. <>.

[93] “Arrests made in $6.5 million Health Care Fraud Scheme,” Office of the Attorney General of Florida press release, November 23, 1999.

[94] Rozanna m. Martinez, “Ex-Deputy Is Indicted On Charges of Fraud” 5 April 2006, Albuquerque Journal..

[95] Malcolm K. Sparrow, License to Steal: How Fraud Bleeds America’s Health Care System, at 51 (Westview Press, 2000)



Roadmap: Medical Identity Theft – The Information Crime that Can Kill You: Part II Discussion – Some Dynamics of Medical Identity Theft


Report home | Read the report (PDF) | Previous section | Next section