Medical Identity Theft: What It Is and How to Protect Yourself
Quick Answer
Medical identity theft is less widely understood than financial identity theft, but it carries unique dangers. When a thief uses your identity to receive medical care, their diagnoses, medications, and treatment history can be added to your records, potentially causing harm if emergency providers make decisions based on inaccurate information.
How Medical Identity Theft Happens
Insurance fraud. Someone uses your health insurance information to receive medical services, prescriptions, or durable medical equipment. The claims are billed to your insurer under your name and policy number.
Medicare and Medicaid fraud. Your Medicare or Medicaid number is used to bill the government for services you never received. This is a significant source of federal healthcare fraud losses.
Stolen physical cards. A lost or stolen insurance card provides all the information needed to impersonate you with providers.
Data breaches. Healthcare organisations are frequent breach targets. Your information may be obtained and sold without your knowledge.
Insider theft. Healthcare employees with access to patient records occasionally misuse that access.
Warning Signs
- An Explanation of Benefits (EOB) from your insurer listing services you did not receive
- A bill from a healthcare provider you have never visited
- A collection notice for a medical debt you do not recognise
- Your insurer denies a claim because records show you have already reached your coverage limit
- A provider has records of conditions you do not have
How to Check If You Are a Victim
Review every Explanation of Benefits. Your insurer sends an EOB after every claim. Review each one for services you did not receive. This is the earliest warning signal.
Request a benefits statement from your insurer. Ask for a list of all claims filed under your policy in the past year and review for unfamiliar entries.
Request your medical records. Under HIPAA, you have the right to request your medical records from any provider. Review for conditions, treatments, or visits that are not yours.
Check your Medicare Summary Notice. If you are on Medicare, review the quarterly Medicare Summary Notice for claims you do not recognise. You can also check at mymedicare.gov.
Steps to Take If You Are a Victim
Step 1: Contact your health insurer's fraud department immediately. Report the specific claims you did not authorise and ask them to flag your account.
Step 2: Contact all providers involved. Request that fraudulent records be corrected or annotated. Under HIPAA, you have the right to amend inaccurate medical records.
Step 3: File a report at IdentityTheft.gov. The FTC's recovery tool provides personalised steps for medical identity theft.
Step 4: File a complaint with HHS Office for Civil Rights if a HIPAA violation was involved: hhs.gov/ocr/privacy, 1-800-368-1019.
Step 5: For Medicare fraud, report to HHS Office of Inspector General: 1-800-HHS-TIPS (1-800-447-8477).
How to Protect Yourself
- Treat your insurance card like a credit card, do not share the number casually
- Review every EOB when it arrives
- Request your medical records annually to check for accuracy
- Shred medical documents before disposal
- Use strong passwords and 2FA on patient portal accounts
- Report lost or stolen insurance cards to your insurer immediately