Identity theft (or ID theft) is a crime where personally identifiable information such as name, Social Security number, date of birth, credit card number, health insurance number, etc. is acquired — usually stolen — and used without authorization, to commit fraud or other crimes. Learn more about what you and your company should be doing…to protect yourself and your stakeholders…
These crimes may include using the stolen information to purchase items on credit, obtain a mortgage, gain access to restricted data, file fraudulent health claims, or to establish services such as credit cards.
Identity theft is an ever-increasing problem. While some identity theft victims can quickly resolve their problems, others may need to spend substantial amounts and significant time repairing damage to their good name and credit record. Victims of identity theft may lose out on job opportunities or be denied loans for education, housing, or cars because of negative information on their credit reports. Some may even be arrested for crimes they did not commit.
Medical Identity Theft
Medical identity theft is a criminal act that occurs when a person uses someone else’s personal information, such as name and insurance card number, without that individual’s knowledge to obtain or make false claims for medical services or goods. Unlike financial identity theft, medical identity theft can harm its victims by creating false entries in their medical records at hospitals, doctors’ offices, insurance companies, and pharmacies. These false changes made to victims’ medical files and histories can remain on record for years without discovery or correction.
What Medical Identity Theft is Not
Some ID theft cases may occur in a health care setting, but are not necessarily medical identity theft. If a lab technician at a hospital steals patient credit card information or other financially-related identity information and uses that information to buy goods, this is a criminal act but not medical identity theft. It is financial identity theft. The medical identity of the person was not used or abused even though his/her financial information was used.
Some health care fraud cases involve the alteration of patient information, but are not medical identity theft. A clinician who wishes to cover up a medical error may alter a patient’s record. This does not involve the use or abuse of the identity information of the patient. While quite clearly fraudulent and unethical behavior, it is not medical identity theft.
Some people may willingly share their personal information. If you allow someone else to impersonate you to obtain medical care, it is not identity theft but it is still a crime.
Who commits Medical Identity Theft?
Identity theft can be committed by individuals, doctors, nurses, lab technicians, receptionists, or organized criminal gangs. More often than not, medical identity theft is an insider crime. Workers in doctors’ offices, clinics, and hospitals can copy patient information and use it themselves or provide that information to more organized medical identity theft gangs. These identity theft gangs steal hundreds of medical records as well as doctors’ billing codes. These gangs also set up fake medical clinics offering free health screenings as a ruse to draw in patients and then submit bogus bills to insurers, collect payments for a few months and then disappear before the insurance companies realize they have been scammed.
Similar to financial identity theft, there are cases where family members and friends have assumed the identity of an individual to take advantage of the victim’s health insurance benefits. This is also an example of insider crime, where the perpetrator knows or has easy access to the victim’s identity information, including the health insurance card.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
Latest posts by Bob Chaput (see all)
- Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action - August 8, 2016
- Building Capability and Capacity to Take on Healthcare’s Evolving Security Threats - August 5, 2016
- HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol - April 11, 2016