This entry is part 17 of 26 in the series HIPAA Privacy-Security Reminders

Medical identity theft is a criminal act that occurs when a person uses someone else’s personal information, such as name and insurance card number, without that individual’s knowledge to obtain or make false claims for medical services or goods.  Learn more about what you and your company should  be doing…to protect yourself and your stakeholders…


Ten Tips on How to Avoid or Detect Medical Identity Theft

  1. Carefully examine the Explanation of Benefits (EOB) sent by your health insurance provider. You receive an EOB whenever a claim for your healthcare benefits is filed. In particular, check the dates of service, the type of service, and the provider. If there are incorrect entries, such as dates listed that you did not receive treatment, contact the insurer or the provider involved. Do not assume that all is okay just because your balance is zero.
  2. Most providers will include a toll-free number on the EOB to call for questions or potentially fraudulent claims information.
  3. At least once a year, request a listing of benefits paid in your name by health insurers that may have made payments on your behalf.
  4. Monitor your credit reports with the nationwide credit reporting companies – Equifax, Experian, and TransUnion – to identify reports of medical debts. You are entitled to one free credit report per year from each of these agencies. One strategy is to request your free credit report from a different agency every 4 months.
  5. Request a full copy of current medical files from each health care provider and examine for errors, such as treatment and medications you never received.
    If you discover your medical or insurance records contain false information, you must work to correct those records. Contact the appropriate patient rights advocates at the insurer and/or provider to correct the false entries.
  6. If you are disposing of your EOBs, bills, or any other statements that contain your health or financial information, always shred this information prior to its disposal. Of course, exercise the same caution when disposing of university-owned personally identifiable data.
  7. If your health insurer provides online access to your records, make use of this feature to frequently check the accuracy of your information. Of course, you must adequately protect your computer from viruses and other threats.

While the HIPAA and HITECH regulations do not explicitly call our Medical Identity Theft safeguards, complying with the regulations by implementing reasonable and appropriate safeguards will help prevent breaches that may result in medical identity theft.

The complete HIPAA Privacy, Security and Breach regulations are here.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group:
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Series Navigation<< HIPAA Privacy and Security Reminders – Knowing Identity TheftHIPAA Privacy and Security Reminders – Treat Paper Records & Electronic Data Equally >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.