The Rise of Medical Identity Theft
It began like an ordinary purse snatching. The credit card reader on the gas pump at her Houston neighborhood station wasn’t working, so Deborah Ford went inside to pay. By the time she returned to the car, her purse and wallet were gone. Ford filed a police report, canceled credit cards, and requested a new driver’s license and health insurance card. She checked with the bank several times to be sure nothing was funny, then forgot about it.
Two years later, the retired postal worker received an unsettling call from a bail bondsman; she was about to be arrested for acquiring more than 1,700 prescription opioid painkiller pills through area pharmacies.
“I had my mug shot taken, my fingerprints taken,” she says. Ford suffers from psoriasis. and she was so stressed that she broke out in the signature rash. “The policemen looked at my hands and said, ‘That’s what drug users’ hands look like.’ They just assumed I was guilty.”
Later, a judge dismissed the charges. “What saved me from going to jail was that I had filed that police report,” Ford says.
Turns out the thief altered Ford’s driver’s license and used that and her stolen health insurance card to go to doctors to seek prescription painkillers. Eventually, Ford says, a pharmacist became suspicious and called police.
“Boy, the thieves messed me up,” Ford says now of her lengthy and expensive ordeal, which began with the theft in 2008 and didn’t end until she got her name cleared of the arrest record last year. “Once they’ve got your identity, they’ve got you,” she says.
Inside Medical Identity Theft
Ford’s story is but one glimpse of what medical identity theft can look like these days and why it has become a fast-growing strain of identity theft, with an estimated 2.3 million cases identified in 2014, a number that’s up almost 22 percent from the year before.
Your personal health insurance information, including your Social Security number. address, and email address, is valuable and vulnerable. When it gets into the wrong hands it can be used to steal expensive medical services—even surgeries—and prescription drugs or to procure medical devices or equipment such as wheelchairs.
Your medical identity is a commodity that can be hijacked and used to falsify insurance claims or to fraudulently acquire government benefits such as Medicare or Medicaid. Your personal medical information may also be sold on the black market, where it can be used to create entirely new medical identities based on your data.
And more often than you might imagine, people outright share their own medical coverage with an uninsured friend or family member in need of care, which is against the law. (More on that later.)
Because current consumer protections aren’t specifically designed for medical identity theft, experts warn, people need to understand that they may have to take on extensive work to clear up fraudulent bills. Some frustrated victims of medical identity theft simply give up and pay the bills themselves.
But there’s another, far more dangerous problem with medical identity theft: The thief’s own medical treatment, history, and diagnoses can get mixed up with your own electronic health records—potentially tainting and complicating your care for years to come. And that isn’t a hypothetical problem.
“About 20 percent of victims have told us that they got the wrong diagnosis or treatment, or that their care was delayed because there was confusion about what was true in their records due to the identity theft,” says Ann Patterson, a senior vice president of the Medical Identity Fraud Alliance (MIFA), a group of several dozen healthcare organizations and businesses working to reduce the crime and its negative effects.
Havoc in Victims’ Lives
The long tail on medical identity theft can create havoc in victims’ lives. Take Anndorie Cromar’s experience. A pregnant woman reportedly used Cromar’s medical identity to pay for maternity care at a nearby hospital in Utah.
Soon, officials from child protective services assumed the infant—born with drugs in her system—was Cromar’s baby, and Cromar says the state, not realizing her medical identity had been hijacked, threatened to take her own four children away.
A DNA test she took helped to get her name off of the infant’s birth certificate, she says, but it took years to get her medical records corrected.
“That first stage was the most terrifying thing I’ve ever experienced in my life, getting the call from CPS and having them say, ‘We are coming to take your kids,’ ” Cromar told Consumer Reports.
An Insidious Kind of Fraud
Financial identity theft is nothing new: Perhaps you or someone you know has had to deal with undoing the mess that happens when someone illegally obtains your personal financial information and uses it to drain your bank account or rack up charges on credit cards fraudulently taken out in your name.
Setting credit accounts back to normal can be a hassle, but your money is, for the most part, protected under the Fair Credit Billing Act. You’re liable for only $50, at most, of unauthorized charges on a credit card if you follow simple notification steps. And there are defined reimbursement rules if money is illegally withdrawn with a stolen ATM or debit card.
But when consumers become victims of medical identity fraud, stopping the damage and clearing up the bills is much more difficult and time consuming.
Deborah Ford had to quickly figure out what had been done in her name and try to undo the damage. She got on the phone and wrote letters and even tried to track down doctors the criminal had used. “All I have is my name, my integrity,” she says.
Investigators later told her that the thieves were savvy at knowing the system, always waiting 45 days between trips to the same pharmacy to avoid being identified by store video. “They were so slick about it,” Ford says. ‘To this day, I don’t know who they were. But they were slick, that’s for sure.”
Spotting It, Preventing it
Experts say detecting the fraud in the first place can be the most difficult part. “Medical identify theft and fraud is much harder to spot than financial fraud,” says Michelle De Mooy, acting director of the Privacy Data Project at the nonprofit Center for Democracy Technology. “The bank calls you if they see charges in the system that raise an alarm. This kind of fraud is much easier to hide for a longer time.”
That’s why consumers need to be especially smart and careful about how and when they share their personal, medical, and insurance information.
Here are a few basic ways you can safeguard your medical privacy and identity: Read those explanation of benefits letters as if they were bank statements. Carefully check all of the correspondence you receive from health insurers and healthcare providers for accuracy and for bills of service that you don’t recognize. Also review your credit reports for unfamiliar debts. Be stingy with your personal health information, Social Security card, and insurance cards. If someone asks for them, inquire whether it is really necessary.
And don’t post news of an upcoming surgery on Facebook or other social media outlets, Patterson recommends. You can’t really be sure who might see it. Consider, for example, that a criminal could scoop up the notice of your impending hip replacement and add it to other information he or she can easily find about you online, creating a more robust, more exploitable personal profile. As Eva Velasquez, president and CEO of the ITRC, says, “Our rule of thumb is if it’s not something you’d want plastered on a billboard, don’t post it. Because essentially every single thing you post has that potential.”
All in the Family
Ronnie Bogle, a museum supervisor from San Jose, Calif. says that for more than a decade, he had no idea that his brother Gary had been stealing his identity to secure healthcare across several states.
Gary had a simple routine, Ronnie says: He would move to a new town or city, purchase a picture ID, then present the ID—along with Ronnie’s Social Security number—to get treatment, often at hospitals. Gary often claimed to be uninsured when he sought care. After he was treated, the bills were later sent to his given address, not Ronnie’s.
Ronnie told Consumer Reports that he only learned what Gary was up to in 2010 after applying for a new credit card and being turned down. He says his credit report contained listing after listing of unpaid debt—for his brother’s hospital visits and treatments over the years.
Eventually, Gary was arrested and pleaded guilty to 10 counts of criminal impersonation in California. He’s facing more charges in Washington state for allegedly stealing his brother’s identity there.
It has taken two years for Ronnie Bogle to straighten out his credit and get his brother’s medical bills off his financial record. “He destroyed my credit history multiple times,” Ronnie says.