Health & Medicine

Pain in the wallet: How to protect against medical identity theft

Someone steals your wallet and uses your health insurance card to buy prescription painkillers. Or a family member “borrows” your insurance coverage and racks up medical bills that you’re stuck with. Or someone pilfers your Medicare card to fraudulently access federal benefits in your name.

All are examples of medical identity theft, an increasing threat in the digital age by cyberthieves who gain access to personal information, such as medical data, health insurance records and Social Security numbers.

In 2014, medical identity theft cases jumped an estimated 22 percent compared with the prior year, according to the most recent annual study by the Ponemon Institute, a cybersecurity research firm in Traverse City, Mich. At the same time, more than a third – 35.5 percent – of all U.S. data breaches last year hit hospitals, health care providers and health insurance companies, according to the San Diego-based Identity Theft Resource Center. In the past several years, an estimated 2.3 million U.S. adults have been victims of medical ID theft, according to Ponemon.

Given those numbers, it can feel like we’re particularly exposed and vulnerable.

To get some answers, we talked recently with Diane Umansky, special projects editor at Consumer Reports, whose October issue looks at the threat of medical identity theft and how to protect yourself.

Q: What makes medical ID theft more dangerous than regular financial theft?

A: With health care, it makes things potentially more complicated. For example, if someone uses your medical information to fraudulently obtain services – surgery, hospital care, etc. – that person’s information will be introduced into your medical records. If it doesn’t match what’s true for you, it could affect your medical care. It could state that you had a certain surgery you never had or are taking a certain medication you don’t take or are even allergic to.

Q: Did the push to electronic medical records make us more vulnerable?

A: It’s a fairly significant factor. It used to be your paper documents were living in a file drawer in the doctor’s office or hospital. Now they also have a digital life. … But we have not yet seen any clear data on the relationship between all the data breaches we hear about and medical identity theft. We don’t know what percentage is caused by those big data breaches we’re reading about.

Q: How much is social media putting us at risk?

A: It’s a burgeoning area, given our increasing use of apps and Instagram and Snapchat. As a result of the digital life we all have, you can be at risk by going to health-related websites for support and inadvertently sharing personal data or being unaware of who can see and access your personal information. People should be cautious about putting information on any social media site or website that they don’t want the world to know about. … It’s more information about you that can be collected by bad guys.

Q: Most victims say they didn’t know until getting a debt collector’s notice or spotting a fraudulent medical bill. What should people do if that happens?

A: The first thing is to call the doctor’s office, hospital or lab. It could be just a clerical mistake, so you want to clarify that first. Billing errors can happen. Second, if someone has fraudulently used your information to buy medically related services and you are now either getting billed or dunned for it, go to the police and file a report. You want to establish that you’ve been a crime victim.

The third thing: File an identity theft report with the FTC (Federal Trade Commission) or the Identity Theft Resource Center at (888-400-5530). Contact your health insurance company … most have fraud hotlines. You want your insurer to know so that they can keep a closer eye on anything that comes in related to you.

Q: What’s your best advice to prevent medical ID theft?

A: Be careful with your personal information. If you lose your health insurance card, ask not only for a new card, but a new ID number. That old number will be shut down and a would-be thief can no longer use it. Be stingy with your Social Security number, which is on Medicare cards. Question any medical transaction involving your Social Security number: Why do they need it? For what purpose? (As of January 2015, Congress gave federal health officials four years to permanently remove Social Security numbers from Medicare cards.)

We all should be checking all correspondence from our insurance companies and health care providers. Those “explanation of benefits” statements in the mail or online, it’s really important to read them. It can provide a clue if someone is using your personal information. We also need to be checking our credit reports (free at on a regular basis. If you see odd charges or an account you don’t recognize, that’s a signal.

Perhaps the most important: Get copies of your medical records. Go to each of your health care providers and ask for copies of your records. … In the event you are victimized and your medical records get changed, you will have proof of the original. There’s usually a request process. But it’s absolutely your right to have those copies.

Q: Is the situation hopeless?

A: It sounds dire. However, we have to remember that in the world of identity theft, the numbers (2.3 million victims) on medical identity fraud are still small. It’s still a crime that’s very limited, compared to overall financial identity theft. … There’s no guaranteed way to prevent it in a digital world. But you’re not helpless. You have rights to your medical information.

Identity theft affects millions of people each year. You can learn how to make protecting yourself from identity thieves part of your daily routine.

Claudia Buck: 916-321-1968, @Claudia_Buck