Medical Identity Theft: How It Happens and How to Recover
Someone using your insurance to get medical care can saddle you with bills, corrupt your health records with wrong blood types and allergies, and even lead to denied coverage. Medical identity theft is harder to detect and harder to fix than financial identity theft. Here is what to do.
How Medical Identity Theft Happens
Criminals obtain your health insurance information through data breaches, stolen mail, lost wallets, or insider theft at medical offices. They use your insurance card to receive medical care, fill prescriptions (often opioids), or submit fraudulent claims for reimbursement. Unlike credit card fraud, there is no single monitoring system for medical identity theft, which means it often goes undetected for months or years.
Insurance Card Theft
Someone steals or photographs your insurance card and uses it to receive care at clinics and emergency rooms in your name.
Prescription Fraud
Thieves use your insurance to fill prescriptions, particularly controlled substances. You may not know until your pharmacy flags a duplicate fill.
Data Breaches
Healthcare data breaches expose insurance IDs, Social Security numbers, and medical histories. This data is sold on dark web marketplaces for $50 to $1,000 per record.
Fraudulent Billing
Corrupt providers bill your insurance for services never rendered, pocketing the reimbursements. This is harder to detect because the bills go directly to your insurer.
Warning Signs You Are a Victim
- Explanation of Benefits (EOB) statements for services you did not receive
- Bills from providers or hospitals you have never visited
- Collection notices for medical debts you do not recognize
- Your insurance says you have reached your benefits limit, but you have not
- Your medical records contain conditions, allergies, or medications you do not have
- You are denied insurance coverage due to a pre-existing condition you do not have
- Your pharmacy tells you a prescription was already filled that you did not request
How to Recover From Medical Identity Theft
Request Your Medical Records
Under HIPAA, you have the right to request copies of your medical records from every provider. Review them for entries you do not recognize. Also request an "accounting of disclosures" to see who has accessed your records.
Contact Your Health Insurer
Call the fraud department of your insurance company. Request a complete claims history and dispute any fraudulent charges. Ask them to flag your account and issue a new member ID number.
File Complaints
Report the theft to the FTC at IdentityTheft.gov, file a police report, and submit a complaint to the HHS Office for Civil Rights. If Medicare or Medicaid is involved, contact the HHS Office of Inspector General at 1-800-HHS-TIPS.
Correct Your Medical Records
Send a written request to each provider asking them to amend your records. Under HIPAA, providers must respond within 60 days. If they refuse, you can file a statement of disagreement that must be included with your records.
Place a Fraud Alert and Credit Freeze
Medical identity theft often leads to financial identity theft. Place a fraud alert with a credit bureau and consider freezing your credit. Monitor your credit reports for medical collection accounts you do not recognize.
How to Prevent Medical Identity Theft
- Treat your insurance card like a credit card — never share photos of it
- Review every Explanation of Benefits statement your insurer sends
- Shred all medical paperwork before discarding
- Use your insurer's online portal to monitor claims in real time
- Be cautious of "free" health screenings or clinics that ask for your insurance card
- Request your medical records annually from primary and specialist providers
- Never give your insurance information over the phone unless you initiated the call
- Monitor your credit reports for medical collection accounts