Michelle Andrews | (TNS) KFF Health News
After HCA Healthcare made an announcement earlier this month that the personal identification data of approximately 11 million HCA patients in 20 states had been exposed in a breach, there is legitimate concern among people that their own medical data and identities could be stolen. It’s important for consumers to understand that “medical identity” fraud can occur in various ways, from large-scale breaches to individual theft of someone’s data. Just ask Evelyn Miller.
The first indication that something was wrong came in the form of a text message Miller received from an Emory University Hospital emergency department, informing her that her wait time to be seen was 30 minutes to 1 hour. Miller found this strange, as she no longer lives in Atlanta and hasn’t used that hospital system in years. She then received a second text that was similar to the first, which led her to believe it was spam. However, when she received a call the next day from an Emory staff member named Michael, discussing the diagnostic results from her ER visit, she knew something was definitely amiss.
Miller expressed her shock, stating, “It amazed me that someone could get registered with another person’s name and no ID was checked or anything.” Although the name and date of birth the staff member had on record for her were correct, Miller’s address was not. She currently resides in Blairsville, Georgia, which is several hours away from Atlanta. Michael assured Miller that he would correct the issue. However, the following week, she received a bill from Emory totaling over $3,600. After an unsatisfactory conversation with someone in the hospital’s billing department, Miller decided to reach out to the hospital’s privacy officer and wrote a letter explaining her suspicions of fraud.
When contacted about Miller’s case, Emory Healthcare spokesperson Janet Christenbury declined to comment specifically but did state, “We take these matters seriously and work with our teams to ensure our processes and procedures are followed.” Fortunately, Miller, a retired healthcare administrator, was more knowledgeable about potential incidents like this. However, the average person may not be aware of such issues until long after their data has been stolen. Eva Velasquez, president and CEO of the Identity Theft Resource Center, explained, “The majority of victims find out when they’re trying to move on with their lives, if bills have gone to collections.” For example, someone may discover that unpaid medical bills for care they never received have ruined their credit when they try to apply for a mortgage.
Medical identity theft poses unique risks compared to other forms of identity fraud. In addition to stealing personal data such as Social Security numbers, dates of birth, and addresses, medical identity thieves can access victims’ medical records and care information, potentially endangering their health. Velasquez noted, “Sometimes people can’t get their prescriptions if their records are mixed with someone else’s. Maybe you won’t be able to get the treatment that you need. There are serious implications.”
Medical identity theft can be a result of an individual’s insurance card being stolen or “borrowed” to pay for healthcare, or it can occur through a data breach like the one experienced by HCA Healthcare. However, experts say that large-scale breaches are more likely to be used for financial fraud rather than obtaining medical care. In 2022, the Federal Trade Commission received 27,821 reports of medical identity theft, while reports for identity theft related to new credit card accounts totaled over 400,000.
The methods through which medical identity theft occurs also vary. In some cases, an individual may gain access to another person’s health insurance number and ID, allowing them to receive medical services in someone else’s name. Busy hospital emergency departments, for example, may make an attractive target for these fraudsters. While procedures typically require patients to present insurance and photo ID information during check-in, emergency departments also aim to be accessible to those without insurance or the necessary documents. Emergency physician Rade Vukmir stated, “We want to treat that population. We’re America’s safety net. We always provide care.”
Medical identity theft can also occur within familiar relationships. In fact, almost half of the people who fail to report medical identity theft do so because they know the person responsible. For instance, someone may allow a family member, such as a cousin or sibling, to use their insurance card for non-emergency medical care to avoid higher copayments. “Usually, in those cases, it wasn’t an emergency,” explained Vukmir.
Data breaches in the healthcare sector have become increasingly worrisome, affecting millions of patients each year. In 2022, 707 healthcare data breaches impacted nearly 52 million patients. These breaches are often caused by hacking or IT incidents, and they have been on the rise in recent years. Health care organizations are legally required to notify individuals when their medical data has been exposed through a breach. John Riggi, the national advisor for cybersecurity and risk for the American Hospital Association, expressed significant concern about foreign-based hacking groups and the potential harm caused by the personal information contained in medical records. These records can be sold to criminals who use them to commit insurance fraud or create fake identities for financial gain.
In order to combat medical identity theft, health plans can learn from the strategies employed by the financial services industry. Riggi suggests using sophisticated algorithms to identify suspicious patterns, such as providers located far from a patient’s home or treating patients for conditions that do not match their age or health status. Unfortunately, the insurance industry trade group AHIP did not respond to requests for comment.
Consumers should proactively monitor notices and bills from insurers and providers, contacting them immediately if anything seems suspicious. In Miller’s case, it remains unclear whether her situation was due to administrative errors or medical identity theft. However, the hospital resolved the issue within a month, removing the charges and ensuring her medical record was separated from the other patient’s. Other steps that individuals can take include visiting the FTC’s identity theft site to learn about next steps and potentially filing an identity theft report. It is important to contact all providers involved if someone has used your name and ask for a copy of your medical records, reporting any errors to your medical providers. Additionally, notifying your health plan’s fraud department and filing fraud alerts with credit reporting agencies can help mitigate the effects of medical identity theft. Finally, if your health plan offers free credit or identity theft monitoring after a breach, take advantage of it. Velasquez advises assuming that your data has been compromised and may be up for sale.
Overall, medical identity theft poses significant risks to individuals and can have wide-ranging implications. By staying vigilant and taking necessary precautions, consumers can protect themselves from this increasingly prevalent form of fraud.
Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
