Closing the Door to Your Greatest Fraud Risk

The recent headlines about the theft of tens of millions of personal information files from health insurer Anthem shouldn’t have been a surprise, and it is the type of action you should expect to hear about regularly.

Your greatest risk of being scammed or having your identity stolen might be one you don’t suspect. The big headlines in the past were generated when information thieves accessed the databases of major retailers or other well-known businesses. But those headlines are changing.

Medical records are the latest hot target of information thieves.

A medical record often has all the information an ID thief needs in one convenient place: birth date, full name, Social Security number, and often insurance and financial account information. All this information is more convenient and accessible to thieves as medical providers comply with the federal mandate to make medical records digital. Paper records are supposed to disappear or be supplemented by digital versions stored on a hard drive or server.

A person’s entire medical record often sells for $50 on the black market, according to a recent article in The Wall Street Journal. A crook can do a lot with a medical record. It can be used in the typical ID theft activities of obtaining loans or credit cards, opening new bank accounts, or filing false income tax returns to claim refunds.

Medical records also can be used to obtain medical care, leaving you stuck with copayments and deductibles on the care. You also might face a canceled plan and errors in your medical history that can take a year or longer to correct.

Digital medical records often are shared quite rapidly among insurers and medical providers, making it hard to correct errors. Unlike credit cards and other financial records, there aren’t standard procedures in place to correct medical records and reduce the consequences of record theft.

Children and the elderly are the usual targets of medical record theft, a crime that victimized about 1.8 million Americans in 2013 and has increased almost 20% annually the last couple of years.

Medical records are sought by overseas crooks who use their digital expertise to probe the databases of medical providers, in the same ways they try to infiltrate major corporations and government agencies. Security from these types of attacks hasn’t been high on the priority list of most medical providers. Unlike a lot of other large organizations, a medical provider might not even know its database was breached or probed.

Consumers also are behind in protecting themselves, because medical record theft doesn’t receive much publicity. Here are a few steps you can take.

* Avoid providing Social Security and driver’s license numbers to medical providers. They don’t need them, except in rare instances.

* Ask medical providers to remove these numbers from their existing records. You’re supposed to have the right to have personal information removed from medical records.

* Treat old medical documents you possess the same way as financial records. Shred them instead of throwing them away. Any records you retain should be stored securely. This includes bills, receipts, and diagnosis information.

* You have the right to review and receive a copy of most of your records from medical providers. The rights are spelled out in the federal regulations at 45 CFR 164.524. Just as you should with credit reports, it’s a good idea to take advantage of this right and review your records for incorrect information, fraudulent charges, treatments you didn’t receive, and personal information you want removed.

* Carefully review the “Explanation of Benefits” you receive periodically from your insurer or Medicare. These statements often are difficult to decipher, but they can reveal whether someone is using your insurance to obtain treatment under your name or a medical provider is submitting improper charges to the insurer. If you don’t understand the treatment codes listed, call the provider’s billing staff for an explanation.

Unfortunately, you won’t be able to do everything needed to avoid identity theft through medical records, because Medicare still insists on putting a beneficiary’s Social Security number on the Medicare card and other places. For that, you’ll have to contract your congressman and senators for change.