Over the past several months, the U.S. Department of Health & Human Services (HHS) Office of the Inspector General (OIG) has been receiving an increased number of fraud reports related to medical identity theft as a result of COVID-19.
A consumer’s medical identity information can be compromised through scams, phishing attacks (fake medical offers, etc.), malware, or even data breaches of the healthcare institution. Medical identity theft is not only hazardous to your customers’ finances; it can also take a toll on their overall health and well-being. If your customers become victims of this crime, their medical files could be mixed up with another person’s (which can prove deadly if the consumer is allergic to certain medications, etc.). Thieves can also use that stolen data to commit other identity theft crimes such as filing fraudulent tax returns, insurance claims, etc.
To help spread awareness about this particular type of identity theft, we’ve compiled a few tips for you to share with your customers and employees to help them both detect medical identity theft and protect their medical information.
How to Detect Medical Identity Theft
Notice the signs. According to the Federal Trade Commission’s (FTC) Consumer Sentinel Network 2019 Data Book, there was a 101% increase in identity theft reports related to medical services in 2019. The FTC notes that thieves may use your medical information (name, Social Security number, health insurance number) to receive medical care, fill prescriptions, or file claims on your behalf. As such, it is extremely important to keep track of the care you receive, your benefits (including in-network and out-of-network costs), and the claims you or your providers are filing for your care. Keep detailed records of any out-of-pocket expenses you pay, including co-payments, so you can verify payment if ever questioned as a result of an incorrect claim filed. If you receive letters or emails that are not in line with what you were expecting, call your providers directly to review the information. Remember to never click on links or call numbers if the communication received seems fishy.
Get a copy of your medical records. You can request your medical records from your doctor, clinic, hospital, pharmacy, laboratory, health plan, etc. at any time. Be sure to read them carefully and regularly. If you see a mistake, contact your health plan provider to report and rectify the problem immediately. Keep copies of your correspondence with your providers and write down specifics including time and date of any calls you place to report the issues.
Review Explanation of Benefits (EOB) statements from your health insurer. Always check the name of the provider, date of service, and service provided for accuracy. If you notice any errors or inconsistencies, contact your insurer and/or their fraud department immediately.
Request a copy of your “Accounting of Disclosures” from your health plan and medical providers. According to the HHS, consumers are allowed to order one free copy of the accounting of disclosures from each of their medical providers every 12 months. This provides you a record of anyone who has received a copy of your medical records from the provider(s), when and why they received it, and what medical information was sent. Check to make sure your health information is accurate, and if you notice an error, report it to your provider, including a detailed explanation of which information isn’t accurate. Be sure to send copies of supporting documentation to reinforce your claim.
How to Protect Yourself from Medical Identity Theft
Share only what is needed, when it is needed. Never share your Social Security number or health insurance information with anyone who doesn’t absolutely need to have it. Be extra vigilant of unsolicited requests for medical information via calls, texts, social media, and websites. Scammers are currently claiming the ability to “test” you for COVID-19 as a way to collect personal information to then use for medical or financial identity theft. Others are also claiming to be contact tracers; legitimate tracers will never ask you for personal medical or financial information. If you do need to share information with your medical provider, take precautions to not share that sensitive and valuable data via email or text. Instead, give the medical provider a direct call.
Follow good cybersecurity hygiene. If sharing medical and health insurance information online, make sure the URL is accurate and that the site is secure (look for “https:” at the beginning of the URL). Continue to protect your networks, devices, and accounts by using unique passwords, two-factor out-of-band authentication, and online data protection software. According to the Cybersecurity and Infrastructure Security Agency (CISA), 7-10% of the U.S. population are victims of identity fraud each year, and 21% experience multiple incidents of identity fraud. Remember to be Cyber Smart as you use the internet and IoT devices!
Discard medical and health insurance documents safely. Always shred sensitive documents. The FTC recommends keeping paid, undisputed medical bills for up to a year after they are paid as proof of payment. Disputed medical bills should also be kept until the issue is resolved. After that time, they should be shredded. Don’t give “dumpster divers” the opportunity to use your information to steal your identity from your correspondence with medical and health providers.
Report identity theft immediately. If you suspect you’re a victim of identity theft, don’t delay in reporting the crime. Take immediate action to help limit the damage by following the steps below:
Always start with filing a police report at your local police station
Notify the healthcare institutions and organizations where you suspect the fraud occurred
Place a fraud alert on your credit reports and get copies of each credit report
Report the incident to the FTC at www.IdentityTheft.gov
In addition to these tips, another key way you can help protect your customers from cyber threats and medical identity theft is to offer them comprehensive identity protection. SpaceCycles Cyber Protection provides comprehensive identity monitoring and alerts, as well as privacy protection assistance.