Opportunity for crime comes in many forms, from an open window for a burglar to a victim’s lack of information to avoid a fraudster. At one point or another, many of us have fallen victim to a theft or have even just lost a wallet, but something that doesn’t often come to the forefront of our minds is protecting our medical identity in such a situation.
A patient in South Carolina, an ex-marine in good health, lost his wallet when he left boot camp back in 2005. He went back home to California. Over a year later he received a call from his mother informing him that he was the lead suspect in a string of auto thefts in South Carolina! The man who found his wallet used his military ID and driver’s license to test-drive cars that he would never return to the dealership – grand-theft auto in our patient’s name.
This in itself is a tough resolution, but what’s even worse is that this man’s problems weren’t over; they also included medical identity theft.
The man who found his wallet and test drove those cars also racked up a $20,000 medical bill treating kidney stones and an injured wrist. The ex-marine never thought to call and inform his insurance carrier, so he was on the hook for those bills. He was hounded by collection agencies and the government even withheld his tax return! These issues were finally resolved, but it took over a year of appeals, phone calls, withheld income, and finally the intervention of the US Secret Service to pinpoint the man who stole his identity – Arthur Watts. Not all of us would be afforded that luxury (the Secret Service was brought in by the US attorney’s office to help in this investigation).
When someone loses a credit card, the process is simple: call your credit card company and notify them. Any reputable company will refund your money – they investigate the claim, and within about a week you will have a resolution that will cost no more than $50 by law, and often nothing at all. When someone loses their healthcare benefits card in that same wallet, there is no course of action that takes place regarding the benefit card, and most people don’t realize something is wrong until they start getting collection calls or run a credit report months or even years later.
This doesn’t just happen one victim at a time when wallets are lost either. The implementation of Electronic Health Records in hospitals and doctors’ offices increases the scale of these problems. The wrong person gaining access to the system can mean tens, hundreds, or even thousands of Social Security numbers and benefit profiles at risk. Lax technological security is another issue with this type of information. Earlier this month, BlueCross-BlueShield of Tennessee agreed to pay $1.5 million for a 2009 breach in which over 50 hard drives holding over 1 million patient profiles were stolen.
This is a dangerous lapse by BCBS, who is entrusted by its patients to guard their most personal and valuable information, including names, SSN’s, and policy numbers. It was an inside job that could happen again. This tells us two things: a person’s medical identity is a coveted asset in fraud, and there is significant opportunity due to the lack of detection and prevention.
The reality is that healthcare fraud occurs at a lower instance rate than credit card fraud, but with higher dollar amounts per instance. This translates into less public awareness and education on the risks, and much more financial risk and discomfort for those afflicted by medical identity theft. The laws protecting medical identity theft are not the same as those protecting victims of credit card theft – it is harder to recover the money, it takes longer, and the money might not be totally recoverable. Possibly the most devastating implication of medical identity theft, though, is the impact it can have on your medical record.
The changes to a medical record can impact insurance coverage and treatment by providers. A legitimate healthcare claim for an emergency surgery can turn into a nightmare when it is denied by a carrier because the patient has “reached the maximum on benefits” thanks to this undetected fraud. Even more difficult to resolve is being denied benefits, or even being dropped from coverage, all due to a medical condition that you don’t have, yet someone else has reported under your name.
Electronic medical records can be amended, but it’s much more work to have things deleted, because of the implications your medical condition has on insurance coverage and pricing.
This begs the attention of employers in protecting their employees. Carriers need to dutifully encrypt information and protect their customers. And, most importantly, patients must educate themselves and advocate for their own well-being. The Federal Trade Commission [FTC] agrees (http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt10.shtm).
- Read your EOB’s and know what you are being charged for
- Check the name of your provider, date of service, & service provided
- Discrepancy? – call your healthcare provider
- Review a copy of each credit report – annually verify the integrity of ALL information listed
- Patient tracking of personal health and ideally annual comparison to medical records provided by insurance carrier
The next steps to take if fraud is suspected include filing a complaint with the FTC and a report with local police, exercising HIPAA patient rights and correcting any errors on your medical record, and activating a fraud alert and security (credit) freeze with the individual credit agencies (Experian, Equifax, Transunion).http://health.usnews.com/health-news/family-health/articles/2008/02/29/medical-identity-theft-turns-patients-into-victims.