case study 2.20 medical identity theft

Case Study: Preventing Medical Identity Theft

Medical identity theft is also a very dangerous issue. This type of theft can expose a person's sensitive personal information which can then be used by fraudsters to get medical treatments, benefits, prescription drugs and generally defraud the medical system. The victims, whose medical records have may have been altered through the fraud, may ultimately receive incorrect medical treatment. If the victims learn their records have been altered during their own personal medical emergency, these errors could lead to incorrect diagnoses to even death.

Khaled El Emam, a University of Ottawa professor and the Canada Research Chair in Electronic Health Information, reports that there is no clear understanding of the real scope of this problem because so few cases of medical identity fraud ever make it to the courts. In the US, said Mr. El Emam, where the for-profit health-care system creates incentives for hospitals and insurance companies to root out identity theft, an estimated 15 per cent of claims are considered fraudulent.

Get unlimited access to:

Enter your credentials below to log in. Not yet a member of Health IT Outcomes? Subscribe today .

Please enter your email address and create a password to access the full content, Or log in to your account to continue.

Please tell us more about you so that we can customize our newsletters to your specific interests:

Newsletter Signup

• Are You At Risk?
• If Your Identity Is Stolen
• Expert Insights
• Business Solutions & Compliance

Types of Medical Identity Theft Plus a Real-Life Case of A Nurse Who Had Her Medical Identity Stolen

January 23, 2018 by Research Team

Medical identity theft is a fast-growing type of identity theft with devastating consequences. In this blog post, I will share a real-life case of medical identity theft and detail the most common types of medical identity theft.

Here at LibertyID, our restoration specialists are on the phone every day helping identity theft victims recover their identity and fix the damage identity thieves leave behind. One recent victim we helped was a victim of medical identity theft. She worked as a nurse at a hospital emergency department and one day she was called into the HR department because someone who was admitted as a patient to the same hospital where she worked had used her personal information, including her health insurance, to receive $52,000 in medical services.  Suzanne Ford, LibertyID’s lead restoration specialist, worked on the case and pushed to get a detective involved. The detective was able to get a videotape of the suspect coming and going to the hospital and eventually the identity thief was identified and arrested.

“They think someone internal — inside the hospital in the admitting department who disliked nurse — provided all the information to this person so the thief could come in and get services,” said Ford, who worked diligently to repair the victim’s identity.

Oftentimes medical identity thieves who don’t have their own insurance coverage steal yours in order to obtain free medical treatment by using your policy. They pretend to be you at a hospital or a clinic and then your insurance company (and you) receive the bills. This is just one glimpse of what medical identity theft can look like. Here are a few more types:

• Insider fraud: Invoicing for fraudulent treatment claims you didn’t receive. Crooks sometimes work within the medical industry and know how the insurance billing systems work. They bill your insurance for fake or inflated claims for services you never received.
• Obtain Prescription Drugs: An identity thief assumes your identity in order to be prescribed prescription medications — restricted or otherwise — and then use your health insurance to purchase the meds. As this Consumer Reports article details, one woman had her purse stolen out of her car and months later got a call from a bail bondsman to inform her “she was about to be arrested for acquiring more than 1,700 prescription opioid painkiller pills through area pharmacies,” according to the story. Thankfully the woman had filed a police report after her purse was stolen, so the judge dismissed the charges – though she still had to go through the trauma of being arrested. It took seven years to clear her name fully.
• Obtain Medical Equipment: An identity thief could obtain expensive medical equipment using your insurance benefits, and then turn around and sell the equipment on the black market.
• Fraudulently Get Government Healthcare: Your identity could be stolen and used to get government health benefits like Medicare or Medicaid.

Visit our blog post for signs of Medical Identity Theft . And visit this blog post to learn about “ Six Things You Can Do to Help Protect Against Medical Identity Theft .”

According to recent statistics, the average identity theft victim spends upwards of 200 hours repairing the damage. That’s where LibertyID can help. Our members save themselves massive amounts of time and stress by having our service to rely on when something does happen. If your identity is stolen, we assign you a certified restoration specialist who will clean up the mess, no matter what kind of identity theft you’re facing. LibertyID provides expert, full service, fully managed identity theft restoration to individuals, couples, extended families* and businesses.  LibertyID  has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.

*Extended families – primary individual, their spouse/partner, both sets of parents (including those that have been deceased for up to a year), and all children under the age of 25

Photo by Hush Naidoo on Unsplash

Loading your page...

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• West J Emerg Med
• v.15(7); 2014 Nov

Medical Identity Theft in the Emergency Department: Awareness is Crucial

Medical Identity theft in the emergency department (ED) can harm numerous individuals, and many frontline healthcare providers are unaware of this growing concern. The two cases described began as typical ED encounters until red flags were discovered upon validating the patient’s identity. Educating all healthcare personnel within and outside the ED regarding the subtle signs of medical identity theft and implementing institutional policies to identify these criminals will discourage further fraudulent behavior.

INTRODUCTION

The crime of medical identity theft is a growing concern in healthcare institutions. Medical identity theft is a practice in which someone uses another individual’s identifying information, such as health insurance or social security number, without the individual’s knowledge or permission, to obtain medical services or goods, or to obtain money by falsifying claims for medical services and falsifying medical records to support those claims. 1

According to the Federal Trade Commission (FTC), medical identity theft accounted for 3% of identity theft crimes, or 249,000 of the estimated 8.3 million people who had their identities stolen in 2005. 2 More recently, the Ponemon Institute calculated that there were 1.84 million victims of medical identity theft in 2013. 3 These numbers were not specific to particular institutional departments, and emergency departments (EDs) may have a higher percentage of cases due to the growth in ED visits and the obligation to provide treatment in most emergency situations.

Numerous parties are negatively impacted by medical identity theft, including healthcare providers and payers. But, the stakeholder most adversely affected is the healthcare consumer. Consumers may receive inappropriate medications or treatment, which in some instances may be life-threatening. They can also suffer financial burdens when healthcare services provided to the medical identity thief are billed to the consumers or their insurance carriers.

The following cases illustrate common emergency medical encounters that were eventually exposed as incidents of medical identity theft. These incidents were discovered with the combined efforts of multiple healthcare associates, including registration clerks, nursing staff, security officers and physicians, and they were handled without compromising patient care or Emergency Medical Treatment and Labor Act (EMTALA) regulations.

CASE REPORTS

An 18-year-old male presented to the ED with a chief complaint of a headache after a fall twelve hours prior. The patient reported that while walking down the last couple stairs in his house, he slipped and struck his head on the floor. Since the event he had experienced a persistent 6/10 sharp frontal headache. He denied any other associated symptoms including loss of consciousness, blurred vision, gait instability, neck pain, nausea, vomiting, or confusion.

The patient did not have a medical history and denied illicit drug or substance abuse. He answered all questions appropriately and had stable vital signs. His Glasgow Coma Scale was fifteen, and the remainder of his exam including neurological was negative. The patient was given hydrocodone/acetaminophen 5–325mg for his pain.

Upon reentering the patient’s room to assess his pain, the attending physician encountered the patient being questioned by both the hospital security manager and a local police officer. The patient had presented to the ED without any personal identification cards and no means of validating his identity to the nursing staff or registration clerk. In addition, the security manager noted that his signatures on the hospital’s standard financial agreement and patient identification form did not match previous hospital-encounter signatures. The patient was later discharged from the institution uneventfully and without incarceration. Thirty days later, the information obtained by the hospital security manager and local police officer was used to successfully prosecute the patient for a felony of medical identity theft and insurance fraud.

A 19-year-old female presented to the ED with mild lip swelling for two days. The patient denied any associated symptoms, including tongue swelling, shortness of breath, sore throat, voice change or difficulty swallowing. She denied taking any prescribed or over-the-counter medications. She also denied exposure to inhalants or skin irritants.

The patient did not have a medical history, and her vital signs were stable upon presentation. The physical exam was significant for mild lip edema without any tongue or oropharyngeal swelling. The remainder of the exam was negative. The patient was placed on a cardiac monitor and given intravenous diphenhydramine and methylprednisolone.

During her observational period, the registration clerk noted that the patient provided her a maternal insurance card and no personal identification cards. The clerk notified the security manager and, after further investigation, contacted the individual listed on the maternal insurance card. The card holder informed the security manager that she was not related to the patient and was concerned that her insurance card might have been stolen. After the complete resolution of her lip swelling, the patient was discharged and escorted to the local police department for further questioning. As a result of the information obtained by the registration clerk, security manager and local police department, along with the assistance of the victim, 60 days later the fraudulent patient was convicted of a felony for medical identity theft and insurance fraud.

In both cases described, the patients provided medical histories identical to their victims. The patient in the first case fraudulently used his brother’s identification in order to remit costs of the ED visit to his brother’s medical insurance. The patient’s brother was found to be the victim and not an accessory to the crime. During the investigation of the second case, the patient was found to have two outstanding warrants for her arrest. These cases only illustrate a few motives for perpetrating medical identity theft. A telephone survey of chief compliance officers in acute healthcare facilities that had policies to counteract this crime revealed a belief that drug-seeking behavior and the presence of law enforcement officials in the ED may compel patients to commit medical identity theft to avoid potential arrest for other, unrelated crimes. 4 Whatever the underlying reason, this simple deceptive act can have significant negative effects on healthcare consumers, providers and payers.

The primary victim is usually an individual consumer (i.e., potential patient). Some individuals, including the disabled, minors, newborns, elderly and recently deceased, are even more susceptible targets for this type of theft. Medical identity theft may continue for years before it is discovered by a consumer who has a reason to scrutinize his or her medical bills or records. This fraudulent information can lead to denial of payments, exhausted health insurance and the inability of the consumer to obtain future health or life insurance. In addition to this financial burden, it may lead to life-threatening situations such as obtaining wrongful medications.

Medical identity theft is difficult to investigate and resolve. Some consumers believe that this crime is not a high priority due to the lack of laws addressing it and limited law enforcement resources. Medical privacy regulations including Health Insurance Portability and Accountability Act (HIPPA) do not address medical identity theft. In addition, this type of crime is treated differently than financial identity theft. The rights of victims of financial identity theft, such as the ability to see and correct credit report errors, obtain documents related to transactions involving their personal information and preventing consumer reporting agencies from reporting information that resulted from this theft, are not given to individuals of medical identity theft. 5 In most cases, victims cannot directly access their medical records and correct errors, and it is nearly impossible to prevent health care providers, medical clearinghouses or insurances from reporting misinformation. 1

Healthcare providers and payers are usually the secondary victims of medical identity theft. Providers will likely write-off all healthcare expenses incurred as a result of treating fraudulent individuals. 6 Some speculate that ED losses can range from $750,000 to $3,000,000 annually from this theft, which directly affects an emergency medicine physician’s compensation. 7 Providers and plans may unknowingly retain inaccurate information and share this information with third parties, such as life insurance carriers. With the proliferation of electronic health records, this information flows quickly and freely to numerous networks, further jeopardizing patient safety. Still unknown are the legal liability issues for healthcare providers and plans that may or may not have a process in place to prevent medical identity theft. In addition, common law is not yet clear on legal actions taken against a provider or plan related to negligence or malpractice with respect to medical identity theft. 6

In 2008, the FTC issued regulations known as the Red Flag Rules, which required hospital institutions to develop and implement written identity theft prevention programs. 8 Congress later passed the Red Flag Clarification Act of 2010, which eased the requirements, thereby allowing many healthcare organizations to be exempt from this regulation. Consequently, many hospital institutions have not instituted policies on medical identity theft or provided physician or non-physician staff the needed skills to counteract this type of fraud.

The Red Flag Rules enabled organizations to develop a program that includes four basic elements for responding to medical identity theft. The first is identifying relevant red flags within an institution’s day-to-day operations, such as alerts from credit reporting companies, altered or other suspicious documents, mismatched personal identifying information (i.e., incorrect social security number with stated address), fraudulent credit account activity and notices from other sources (i.e., law enforcement). The second element is to detect these relevant red flags through verification and authentication methods. The next element is to prevent and mitigate identity theft. This would include notifying a supervisor or law enforcement in order to monitor and investigate current and existing accounts. Finally, the organization should maintain the program and remain up to date as identity theft tactics change and new technology, such as biometric software for iris scans and facial-recognition, becomes more readily available.

Recommendations

Medical identity theft is a complex crime, and a collaborative effort among individual victims, health information management technologists, institutional security officers, law enforcement, healthcare providers and payers is required to combat its effects. Developing an institutional policy that attempts to prevent and address complaints of medical identity theft must be a priority. In addition, broadening education of this crime to all healthcare associates including registration clerks, nurses and physicians is of great importance. Healthcare organizations that develop a reputation of thoroughly investigating and prosecuting medical identity theft will deter future attempts of this crime by fraudulent individuals. Finally, and most importantly, a heightened awareness of medical identity theft among all healthcare providers will help improve and maintain patient safety.

Supervising Section Editor : Rick McPheeters, DO

Full text available through open access at http://escholarship.org/uc/uciem_westjem

Conflicts of Interest : By the West JEM article submission agreement, all authors are required to disclose all affiliations, funding sources and financial or management relationships that could be perceived as potential sources of bias. The authors disclosed none.

AARP members: Enjoy access to over 90 TED Talks. Find out more.

Popular Searches

AARP daily Crossword Puzzle

Hotels with AARP discounts

Life Insurance

AARP Dental Insurance Plans

Suggested Links

AARP MEMBERSHIP — $12 FOR YOUR FIRST YEAR WHEN YOU SIGN UP FOR AUTOMATIC RENEWAL

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.

• right_container

Work & Jobs

Social Security

AARP en Español

• Membership & Benefits
• AARP Rewards
• AARP Rewards %{points}%

Conditions & Treatments

Drugs & Supplements

Health Care & Coverage

Health Benefits

Staying Fit

Your Personalized Guide to Fitness

AARP Hearing Center

Ways To Improve Your Hearing

Brain Health Resources

Tools and Explainers on Brain Health

A Retreat For Those Struggling

Scams & Fraud

Personal Finance

Money Benefits

View and Report Scams in Your Area

AARP Foundation Tax-Aide

Free Tax Preparation Assistance

AARP Money Map

Get Your Finances Back on Track

How to Protect What You Collect

Small Business

Age Discrimination

Flexible Work

Freelance Jobs You Can Do From Home

AARP Skills Builder

Online Courses to Boost Your Career

31 Great Ways to Boost Your Career

ON-DEMAND WEBINARS

Tips to Enhance Your Job Search

Get More out of Your Benefits

When to Start Taking Social Security

10 Top Social Security FAQs

Social Security Benefits Calculator

Medicare Made Easy

Original vs. Medicare Advantage

Enrollment Guide

Step-by-Step Tool for First-Timers

Prescription Drugs

9 Biggest Changes Under New Rx Law

Medicare FAQs

Quick Answers to Your Top Questions

Care at Home

Financial & Legal

Life Balance

LONG-TERM CARE

​Understanding Basics of LTC Insurance​

State Guides

Assistance and Services in Your Area

Prepare to Care Guides

How to Develop a Caregiving Plan

End of Life

How to Cope With Grief, Loss

Recently Played

Word & Trivia

Atari® & Retro

Members Only

Staying Sharp

Mobile Apps

More About Games

Right Again! Trivia

Right Again! Trivia – Sports

Atari® Video Games

Throwback Thursday Crossword

Travel Tips

Vacation Ideas

Destinations

Travel Benefits

Beach vacation ideas

Vacations for Sun and Fun

Plan Ahead for Tourist Taxes

AARP City Guide

Discover Seattle

25 Ways to Save on Your Vacation

Entertainment & Style

Family & Relationships

Personal Tech

Home & Living

Celebrities

Beauty & Style

TV for Grownups

Best Reality TV Shows for Grownups

Robert De Niro Reflects on His Life

Looking Back

50 World Changers Turning 50

Sex & Dating

Spice Up Your Love Life

Navigate All Kinds of Connections

Life & Home

Couple Creates Their Forever Home

Store Medical Records on Your Phone?

Maximize the Life of Your Phone Battery

Virtual Community Center

Join Free Tech Help Events

Create a Hygge Haven

Soups to Comfort Your Soul

Your Ultimate Guide to Mulching

Driver Safety

Maintenance & Safety

Trends & Technology

AARP Smart Guide

How to Keep Your Car Running

We Need To Talk

Assess Your Loved One's Driving Skills

AARP Smart Driver Course

Building Resilience in Difficult Times

Tips for Finding Your Calm

Weight Loss After 50 Challenge

Cautionary Tales of Today's Biggest Scams

7 Top Podcasts for Armchair Travelers

Jean Chatzky: ‘Closing the Savings Gap’

Quick Digest of Today's Top News

AARP Top Tips for Navigating Life

Get Moving With Our Workout Series

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Go to Series Main Page

Medical Identity Theft

Medical identity theft is when someone uses your personal information, especially a Medicare or health insurance number, to get treatment, prescriptions or medical devices, submit claims, or obtain benefits under your name.

It’s a growing menace: Cases of medical ID theft reported to the Federal Trade Commission (FTC) rose from about 6,800 in 2017 to nearly 43,000 in 2021. And it's a particularly insidious form of identity fraud , for a number of reasons:

• It can cost far more than purely financial identity theft. Federal law generally limits consumers’ liability for fraudulent credit card charges to $50, but there are no such protections for a stolen medical identity. Among victims of medical ID theft surveyed in 2015 by the Ponemon Institute, a cybersecurity research firm, those who lost money spent an average of $13,500 to resolve the problem, including legal as well as medical costs.
• It’s considerably harder to undo the damage. Financial and personal complications “can endure for years,” the World Privacy Forum said in a 2017 report, with many victims suffering “long term problems with aggressive medical debt collection ” and severely impaired credit due to phony bills. Some even have faced prosecution because thieves used their identities to stockpile prescription drugs.
• It can harm your health as well as your finances, potentially causing treatment delays, incorrect prescriptions and misdiagnoses. As the FTC notes, “If a scammer gets treatment in your name, that person’s health problems could become a part of your medical record. It could affect your ability to get medical care and insurance benefits, and could even affect decisions made by doctors treating you later on.”

AARP Membership — $12 for your first year when you sign up for Automatic Renewal

Have you seen this scam?

• Call the AARP Fraud Watch Network Helpline at  877-908-3360  or report it with the  AARP Scam Tracking Map .  
• Get  Watchdog Alerts  for tips on avoiding such scams.

ARTICLE CONTINUES AFTER ADVERTISEMENT

Medical profiles are a hot criminal commodity, fetching as much as $1,000 on the dark web compared to $1 for a Social Security number and $5 to $30 for a credit card, according to credit reporting agency Experian. They can be obtained by similar means:  impostor scams ,  phishing ,  data breaches , fake offers of medical freebies, even crooks stealing your mail or going through your trash. But it’s often a matter of “friendly fraud”: In the Ponemon survey, nearly half of victims said their medical ID was used by a relative or someone else they knew.

Warning Signs

• You get a bill for medical services you didn’t receive.
• You hear from a debt collector about a medical debt you didn’t incur.
• Your credit report includes health care expenditures you don’t recognize.
• An explanation of benefits (EOB) from your insurer or a  Medicare Summary Notice  includes office visits you didn’t make or treatment you didn’t receive.
• Your health plan says you’ve reached your benefit limit, citing treatment or services you did not get.
• Someone asks in a call or email for your Medicare or insurance number as part of a health care “survey” or offer of free medical products or services.

AARP® Dental Insurance Plan administered by Delta Dental Insurance Company

Dental insurance plans for members and their families

AARP NEWSLETTERS

%{ newsLetterPromoText  }%

%{ description }%

Privacy Policy

How to protect yourself from this scam

• Do shred outdated insurance forms, physician statements, prescription paperwork and other documents containing medical information before throwing them out. Keep electronic copies of such records secure.
• Do carefully review EOBs, bills and other correspondence from insurers and medical providers. If you see anything suspicious, such as a doctor’s name or treatment date you don’t recognize, notify your insurer immediately.
• Do ask your insurer at least once a year for a full list of benefits paid in your name.
• Do check your credit reports. Through the end of 2022, you can get one free report per week from each of the three reporting agencies (Experian, Equifax and TransUnion).
• Do get copies of your medical files if you believe you’ve been victimized, and act quickly to correct mistakes (see More Resources, below). You have a right to get your records from health care providers, although you may have to pay for them.
• Do file a police report, and give copies to your medical providers, insurers and the credit bureaus. It can help protect you if an identity thief starts using your information for fraud.
• Don’t jump on offers of free health services or products, especially if accompanied by a request for your Medicare or health plan number.
• Don’t provide medical or insurance information over the phone or in an email unless you initiated the communication and are certain of whom you’re dealing with.
• Don’t give medical or personal information in response to an unsolicited call or email from someone who claims to be from Medicare. A Medicare representative will call only if you initiated contact.
• Don’t answer questions from a caller who says he or she is conducting a health survey and needs your Medicare or insurance number.
• Don’t give your insurance information to a family member or friend, even if it’s to help them get treatment. Whatever the intent, it’s considered fraud against medical providers and insurers.

More Resources

• If you’ve been a victim of medical identity theft, file a complaint with the Federal Trade Commission,  online  or at 877-438-4338.
• If the fraud is Medicare-related, report it to the U.S. Department of Health and Human Services’ Office of Inspector General,  online  or at 800-447-8477.
• The FTC’s  fact sheet on medical ID theft  includes a checklist of steps for obtaining and correcting your medical records in case of fraud.

Discover AARP Members Only Access

Already a Member? Login

More on Scams and Fraud

Scams and Fraud Protection Tips

Beware of Scams After a Hurricane or Other Natural Disaster

If You Donate to Relief Efforts for Ukrainians, Give Wisely

AARP Value & Member Benefits

Carrabba's Italian Grill®

10% off dine-in or curbside carryout orders placed by phone

AARP Travel Center Powered by Expedia: Hotels & Resorts

Up to 10% off select hotels

ADT™ Home Security

Savings on monthly home security monitoring

AARP® Staying Sharp®

Activities, recipes, challenges and more with full access to AARP Staying Sharp®

SAVE MONEY WITH THESE LIMITED-TIME OFFERS