This entry is part 16 of 26 in the series HIPAA Privacy-Security Reminders

Identity theft (or ID theft) is a crime where personally identifiable information such as name, Social Security number, date of birth, credit card number, health insurance number, etc. is acquired — usually stolen — and used without authorization, to commit fraud or other crimes.  Learn more about what you and your company should  be doing…to protect yourself and your stakeholders…

 identity_theft_how_info_used_310x374Identity Theft

These crimes may include using the stolen information to purchase items on credit, obtain a mortgage, gain access to restricted data, file fraudulent health claims, or to establish services such as credit cards.

Identity theft is an ever-increasing problem. While some identity theft victims can quickly resolve their problems, others may need to spend substantial amounts and significant time repairing damage to their good name and credit record. Victims of identity theft may lose out on job opportunities or be denied loans for education, housing, or cars because of negative information on their credit reports. Some may even be arrested for crimes they did not commit.

Medical Identity Theft

Medical identity theft is a criminal act that occurs when a person uses someone else’s personal information, such as name and insurance card number, without that individual’s knowledge to obtain or make false claims for medical services or goods. Unlike financial identity theft, medical identity theft can harm its victims by creating false entries in their medical records at hospitals, doctors’ offices, insurance companies, and pharmacies. These false changes made to victims’ medical files and histories can remain on record for years without discovery or correction.

What Medical Identity Theft is Not

Some ID theft cases may occur in a health care setting, but are not necessarily medical identity theft. If a lab technician at a hospital steals patient credit card information or other financially-related identity information and uses that information to buy goods, this is a criminal act but not medical identity theft. It is financial identity theft. The medical identity of the person was not used or abused even though his/her financial information was used.

Some health care fraud cases involve the alteration of patient information, but are not medical identity theft. A clinician who wishes to cover up a medical error may alter a patient’s record. This does not involve the use or abuse of the identity information of the patient. While quite clearly fraudulent and unethical behavior, it is not medical identity theft.

Some people may willingly share their personal information. If you allow someone else to impersonate you to obtain medical care, it is not identity theft but it is still a crime.

Who commits Medical Identity Theft?

Identity theft can be committed by individuals, doctors, nurses, lab technicians, receptionists, or organized criminal gangs. More often than not, medical identity theft is an insider crime. Workers in doctors’ offices, clinics, and hospitals can copy patient information and use it themselves or provide that information to more organized medical identity theft gangs. These identity theft gangs steal hundreds of medical records as well as doctors’ billing codes. These gangs also set up fake medical clinics offering free health screenings as a ruse to draw in patients and then submit bogus bills to insurers, collect payments for a few months and then disappear before the insurance companies realize they have been scammed.

Similar to financial identity theft, there are cases where family members and friends have assumed the identity of an individual to take advantage of the victim’s health insurance benefits. This is also an example of insider crime, where the perpetrator knows or has easy access to the victim’s identity information, including the health insurance card.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group:
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.


Series Navigation<< HIPAA Privacy and Security Reminders – Transporting Medical RecordsHIPAA Privacy and Security Reminders – Avoid Medical Identity Theft >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.