By Linda Foley, Founder of the Identity Theft Resource Center
Medical identity theft happens when a person uses your name and address, Social Security number and/or medical insurance policy number to obtain medical services, prescriptions or even surgery. It also occurs when a dishonest person in a medical facility uses your information for fraudulent activity, such as filing for medical services that were never provided. An example of this would be a situation when that imposter benefits financially because the insurance company or federal benefit program would pay them directly for what they think are real services.
Medical identity theft creates two problematic situations for individuals. First, there is a matter of any payment requirements for services you never received. Usually, people first find out about a medical identity theft case when a collection agency contacts them or they go to a doctor, medical facility, or even a dentist and find out they “still owe money.” Other ways victims find out is when they get a bill for services they never had, are told they have reached the “limits on benefits” (much to their surprise), or are denied insurance because of medical conditions they don’t have.
This is the “financial” face of medical identity theft. Typically, victims need to contact the billing department or company that has contacted them to find out the “when, where and why” they were listed on this fraudulent medical service. As with any other type of financial identity theft, it helps to have a police report first to prove you are you. Collection agencies, medical providers and hospitals must provide financial records once you send a “demand” letter under the FCRA section 609e along with the police report.
Unfortunately, there is a more difficult situation that must be resolved – mixed medical records. Within your medical records, there is now medical information associated with the imposter. It is vital to make sure this information is removed or isolated from your records. People hear that medical identity theft could cause them to get the wrong type of blood in an emergency. That issue is remote since blood types are routinely checked prior to giving someone blood. However, it could lead to a misdiagnosis or a delay in a diagnosis. For example, if the imposter had his/her appendix removed, then doctors may not be thinking of appendicitis when you complain of stomach pain.
Under The HIPPA Privacy Rule which all medical providers must follow, you are entitled to see copies of your own medical records. If you see any information that may not be yours, you need to speak with the appropriate department or person holding that information. You have the right to have medical and billing records amended or corrected. You will need to make that demand in writing. In the event your request is refused, you may file a complaint with the U.S. Department of Health and Human Services at http://www.hhs.gov/ocr/.