There have been two recent articles about medical identity theft, which has affected 250,000 people, according to (pdf) the Federal Trade Commission. The World Privacy Forum has excellent resources on medical identity theft and recently released “A Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy.”
The Las Vegas Sun reports:
[Medical identity theft is] a growing fraud that experts say can be far more destructive than other forms of ID theft. People who discover their bank accounts have been compromised can dispute charges and set up credit monitoring services. People whose medical identities are stolen, however, have no clear-cut way to correct inaccurate records or challenge false insurance claims. Straightening out stolen health care is a red tape nightmare, complicated by strict patient privacy laws and the paper-shuffling bureaucracy of insurance providers.
This isn’t just maddening, it’s potentially dangerous. An impostor’s medical procedures can contaminate the victim’s records — if the fake Bennett gets a Type A blood transfusion, for example, doctors looking through the real Bennett’s records after a serious car accident might reasonably assume it’s the type he needs, even if that’s incorrect.
The potential for improper treatment will only grow, experts fear, as medical providers trade paper records for electronic archives and the country moves closer to a computerized health information network. […]
Some medical identity theft victims have successfully convinced hospitals and doctors of their circumstances only to find that, as a result, they can no longer look at their own medical records because if the care providers provided access, that would compromise the privacy of the impostor who has infiltrated them.
The New York Times reports:
Medical identity theft takes many guises. In Mr. Sharp’s case, someone got hold of his name and Social Security number and used them to receive emergency medical services, which many hospitals are obliged to provide whether or not a person has insurance. […]
In another variant of the crime, someone can use stolen insurance information, like the basic member ID and group policy number found on insurance cards, to impersonate you — and receive everything from a routine physical to major surgery under your coverage. This is surprisingly easy to do, because many doctors and hospitals do not ask for identification beyond insurance information.
Even more common, however, are cases where medical information is stolen by insiders at a medical office. Thieves download vital personal insurance data and related information from the operation’s computerized medical records, then sell it on the black market or use it themselves to make fraudulent billing claims.
In a widely reported case in 2006, a clerk at a Cleveland Clinic branch office in Weston, Fla., downloaded the records of more than 1,100 Medicare patients and gave the information to her cousin, who in turn, made $2.8 million in bogus claims.