By COURTNEY PERKES
Freedom News Service
If a thief steals your wallet, you know to cancel your credit cards immediately, but how much should you worry about your missing insurance card?
Or what if a fraudster obtains medical care in your name and you get sent the bill? And how do you remove the erroneous health information from your file?
In recent months, thousands of† patients have been informed of security breaches of their personal health data. In April, St. Jude Heritage Healthcare sent letters to 22,000 patients after computers were stolen from a billing office. In June, Anthem Blue Cross said an online glitch allowed unauthorized access to confidential information on its Website. In both cases, patients were offered a free year of credit monitoring services.
Attorney Mari Frank recently wrote ďThe Complete Idiotís Guide to Recovering From Identity Theft.Ē The book contains a chapter on medical identity theft. She sat down for an interview in her Laguna Niguel, Calif., home to share her advice.
Q. How common is medical identity theft?
†A. Actually itís becoming more and more common, especially due to the fact that people are finding that medical insurance and medical care is so out of sight. Many of those are also victims of financial identity theft. You remember the story about the woman with the boob job. We see a lot of that. (A 30-year-old woman turned herself in to Huntington Beach, Calif., police in March after she assumed another womanís identity to open a line of credit to pay for breast implants and liposuction.)
†Q. What is the most common way that it happens?
A. We donít have really good statistics on this. The ways I hear about it are when people call me. Only 10 percent of identity theft victims find out how it happened. Medical identity theft is really insidious because you wonít see it on your credit report unless there are bills that arenít paid and then go to collections. I had a woman in California who went to her motherís funeral and her purse was stolen on the conveyer belt at the airport. When she came back, several months later, she started getting these bills from a hospital in Chicago where she supposedly had a baby the night of her motherís funeral. I helped her contact the hospital. They had to change the medical records and put them into a Jane Doe file. They took the collection account out of her name. We did get the records clean.
Q. What does someone need to know about people to steal their identity?
A. You actually need less than what you need to commit financial identity theft. Lots of times you go into the doctorís office and you donít even need to give your Social (Security number). Lots of times you could just have a fake license and go in and get medical care. You donít really need that much. Lots of times you give the medical insurance card and they donít ask to see ID to authenticate it.
Q. There have been a number of security breaches lately of medical records that come with offers of one year of credit monitoring protection. Is that enough?
A. Credit monitoring will not necessarily indicate whether you have become a victim of medical identity theft. If the person has created credit in your name, you might see an inquiry on your report, but some people donít even know to look at inquiries. The inquiry means that a particular financial institution got your credit report for the purpose of issuing you credit. If you have insurance and it goes to your insurance carrier, you might not find out about it for months. If you try to change carriers, you have this pre-existing condition and you have to prove itís not you.
Q. So what should people do?
A. They need to go to the Medical Information Bureau, which is mib.com. You can get that for free once a year. They should see if anyone has applied for insurance in their name. When people apply for health or life insurance, many of the carriers go to the MIB to see if thereís a pre-existing condition. If you got one of those letters, I would put a fraud alert on your credit card or a security freeze where you write to the credit bureau, which will stop new creditors from having the opportunity to get your credit report in order to issue credit to someone. If youíre a victim of identity theft itís free. Otherwise itís $10 for each one. I would also notify my insurance carrier that I want a fraud alert on there.
Q. What challenge do federal privacy laws pose?
A. The Health Insurance Portability and Accountability Act has some privacy provisions in it. If you were starting to get bills from a doctor, if you told that doctor, ďHey, thatís not me,Ē they would not be able to give you copies of those records. First get the records and then tell them it isnít you.
Q. What should doctors, hospitals and insurers do to prevent medical identity fraud?
A. I think they should verify and authenticate whoís coming into their office the first time they come in. They can do that by asking for three pieces of identification. Take a picture. Copy the driverís license. If theyíre applying for credit, like the situation with the woman with the breast implants, they should be more involved and verify that the person lives at that address. They should check to see if the address on the credit report is the same address as the patient has provided.
People need to be very careful about who has access to sensitive information about their patients. If you look at the Blue Cross fiasco, why are these files not encrypted? There is no reason why this information canít be secured better.