The evidence of harm to real people from medical identity theft is unambiguous. Victims may find themselves in situations where they suffer financial losses, are billed for services that do not actually belong to them, and more. Consider these recent cases from the FTC Consumer Sentinel Hotline dating from 2006:
RECEIPT OF SOMEONE ELSE’S BILLS
NOTIFICATION BY LAW ENFORCEMENT OR AN INSURANCE COMPANY
NOTIFICATION BY A HEALTH CARE PROVIDER
MEDICAL PROBLEM AT AN EMERGENCY ROOM
NOTIFICATION OF DATA BREACH BY A MEDICAL PROVIDER
DENIAL OF INSURANCE COVERAGE, NOTIFICATION THAT BENEFITS HAVE RUN OUT, OR “LIFETIME CAP” HAS BEEN REACHED
REVIEW OF EXPLANATION OF MEDICAL BENEFITS NOTICES
The intentional submission of false claims is the core of health care fraud, and the intentional misuse of personally identifying information is the core of identity theft. Medical identity takes elements from both crimes: medical identity theft is the intentional misuse of personally identifying information to receive medical goods or services, and it usually involves the creation of false medical records, or false entries into existing medical records.
Victims of medical identity theft may need help with recovery in the area of correcting medical files and insurance records. They may also need help in the area of correcting financial information. In the area of financial recovery, multiple excellent resources exist for consumers. But in the area of medical and insurance information correction and recovery, victims will not find nearly the same resources or availability of recourse.
The HIPAA legislation and privacy rule were written at a time when medical identity theft was not foremost on the minds of policymakers. While health care fraud as a general issue was definitely on lawmakers minds (as is evidenced by the specific anti-fraud provisions in HIPAA), medical identity theft and its specific consequences were not.