Despite strict privacy laws, like the Health Insurance Portability and Accountability Act (HIPAA), intended to safeguard your personal medical information, medical identity theft is on the rise and that could be a prescription for financial disaster.
A law passed in 2009 requires health care providers and other entities covered by HIPAA to inform the U.S. Department of Health and Human Services (HHS) and affected individuals of any such breaches affecting 500 or more people.
The HIPAA Journal compiled statistics on healthcare data breaches from October 2009 through 2017. They found that there were 2,181 healthcare data breaches resulting in the theft/exposure of 176,709,305 healthcare records. Their statistics found “there has been an upward trend in data breaches over the past 9 years, with 2017 seeing more data breach reports than any other year” since they began publishing. The data also revealed that the main cause of healthcare data breaches are hacking and IT-related incidents. They found that “healthcare data breaches are now being reported at a rate of more than one per day.”
Breaches of electronic health records can contain a massive amount of personal information, including your Social Security number, home address and medical history. Identity thieves can then use your name or health insurance numbers to see a doctor or receive additional care, get prescription drugs, procure medical devices or equipment or file claims with your insurance provider.
If the thief’s health information gets mixed with yours, your treatment, insurance records, payment information and credit report could be affected. Even more troubling, when hackers steal your health data they can use that information to commit all kinds of identity theft, not just medical fraud. They can apply for loans, apply for government benefits or rack up charges on credit cards fraudulently taken out in your name.
Your medical and insurance information are valuable to identity thieves. BBB and the Federal Trade Commission (FTC) offer the following advice to help protect you from medical identity theft:
Be Wary of “Free” – Be cautious if someone offers you “free” health services or products but requires you to provide your health plan ID number. Medical identity thieves may pretend to work for an insurance company, doctor’s offices, clinic or pharmacy to try to trick you into revealing sensitive information.
Know Who You’re Talking To – Don’t share medical or insurance information by phone or email unless you initiated the contact and know who you’re dealing with. Call your doctor directly or login to your insurer’s patient portal to verify that the query is really coming from them.
Keep it Safe and Secure – Keep paper and electronic copies of your medical and health insurance records in a safe place. Shred outdated health insurance forms, prescription and physician statements, and the labels from prescription bottles before you throw them out.
Read the “Explanation of Benefits” – Your insurer routinely mails out these summaries of medical services rendered with “This is not a bill” printed on top. Briefly review everything mailed to you from doctors and your insurance company. If you spot anything suspicious, contact the provider or your insurance company.