Medical Identity Theft

About medical identity theft, the World Privacy Forum medical identity theft report, and our key resources

The World Privacy Forum is the leading expert on medical ID theft. We published the first major report about medical identity theft in 2006 and brought this crime to the attention of the public for the first time. We maintain up-to-date information and tips for victims, as well as conduct and publish new research.

What is medical identity theft?

Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity — such as insurance information — without the person’s knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name.

Medical identity theft is a crime that can cause great harm to its victims. Yet despite the profound risk it carries, it is the least studied and most poorly documented of the cluster of identity theft crimes. It is also the most difficult to fix after the fact, because victims have limited rights and recourses. Medical identity theft typically leaves a trail of falsified information in medical records that can plague victims’ medical and financial lives for years.

Key World Privacy Forum Medical ID Theft Resources:

 

 

See the blog roll below for news and new content by date.

 

 

WPF to testify before NCVHS on emerging privacy concerns in health privacy — Beyond Digitization: Artificial Intelligence, APIs, and health privacy

WPF Executive Director Pam Dixon will testify before the full committee of the National Committee on Vital and Health Statistics (NCVHS) regarding emerging privacy concerns in the healthcare environment, including the role of artificial intelligence, patient authorizations, and automated access to patient health information.  The NCVHS is the statutory [42 U.S.C. 242k(k)] public advisory body

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

WPF Comments: Access to the CFPB consumer complaint database is vital to understanding and analyzing identity theft in the US

WPF has urged the CFPB to continue to maintain its consumer complaint database and make complaints available to the public. The CFPB is considering multiple potential changes to its consumer complaint database, including reducing access, among other potential changes. In its comments, WPF explained how CFPB consumer complaint data has been vital to our ability to

Report: The Geography of Medical Identity Theft

This new WPF report finds that medical identity theft is still a crime that causes great harms to its victims, and that it is growing overall in the United States; however, there’s a catch. The national consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.” These hotspots are important for patients, policymakers, and healthcare stakeholders to know about so as to address potential risks.