You and your clients have probably taken certain precautions to prevent the theft of your financial information. But what about guarding against medical identity theft?
Unfortunately, medical identity theft is a real possibility. A thief can steal your personal and insurance information to see a doctor, obtain prescriptions, file claims, or sell it on the black market. If the criminal's health information becomes conflated with yours, it can affect your credit and leave you with unpaid bills that may require legal action.
This type of identity theft has received quite a bit of attention recently, especially after Community Health Systems fell victim this past August to the largest breach of medical information to date, in which the identifying information of 4.5 million patients stored in the system was compromised.
Commonwealth's Information Security team suggests the following tips for guarding against medical identity theft and helping your clients to do the same.
1) Be Aware of the Warning Signs
Review your medical and insurance statements regularly for any indications of a breach. Always be sure to read your Explanation of Benefits (EOB) statement to ensure that all details, including the provider, date of service, and the service provided, are correct.
The Federal Trade Commission (FTC) suggests looking out for other warning signs, including:
- A bill for medical services that you didn't receive
- A call from a debt collector about a medical debt that you don't owe
- Medical collection notices on your credit report
- A notice from your health plan stating your benefit limit has been reached
- A denial of insurance notice because your medical records show a condition that you don't have
If you notice a mistake, incorrect information, or anything amiss, be sure to contact your health provider immediately. Report the specific mistake—preferably with a copy of the record containing the mistake—and explain how to correct it. If necessary, include a copy of your police or identity theft report from the FTC. Be sure to send these important documents via certified mail and ask for a return receipt.
Also, be cautious of free health services or products that require any identifying medical information. Some criminals pretend to work for an insurance company, doctor's office, clinic, or pharmacy to deceive others into revealing identifying information. If you become suspicious of someone who calls you, hang up and call the organization back at the number you have on file to confirm that the caller is truly an employee. Protect your information by storing paper and electronic copies of records securely and shredding outdated forms, statements, and labels from prescription bottles.
2) Rectify Fraud as Soon as Possible
If you determine that your medical identity has been compromised, be sure to:
- Contact each health care provider and ask for copies of your medical records. Federal law enables you to request these for a fee. Be sure to check your state privacy laws, as these vary.
- Ask for an "accounting of disclosures" from your medical provider to see who accessed copies of your medical records. You are entitled to a free copy of the accounting from each of your providers every 12 months.
- Notify your health insurer and all three credit report companies of the fraud. Send copies of your police report or identity theft report to your health insurer's fraud department.
- Order copies of your credit reports and consider placing a fraud alert or security freeze on your credit files.
- Update your files with the dates you made the calls or sent letters and keep copies of letters in your files.
(Please note: This list is drawn from the FTC's checklist to correct errors in medical records.)
Finally, be sure to protect your identity with credit monitoring. Even though this isn't specifically designed to monitor medical identity theft, it can alert you if someone is using your Social Security number and prompt you to review your medical records to be sure that everything is in order.
Are your clients concerned about medical identity theft? Or identity theft in general? How often do you discuss strategies to safeguard identifying information?