Medical identity theft is on the rise, with incidents of thieves using the insurance of others to pay for medical visits or drugs surpassing 2.3 million cases last year.
That’s an increase of nearly 22 percent over 2013, according to a study of more than 1,000 victims by the Medical Identity Fraud Alliance (MITA).
One quarter of the thefts were by family members who took personal medical identification without the insured’s consent. The victims were most often a spouse or partner, followed by a parent. Another one quarter of victims fraudulently shared their identification with a friend or family member.
In addition, 12 percent of victims said the theft of their medical insurance information arose from responding to a fraudulent email or sharing information online on what turned out to be a fake website.
Other victims saw their problems stemming from their healthcare provider: 10 percent said there was a data breach by their healthcare provider, and 6 percent believed an employee at their healthcare provider stole their health insurance information.
Only one-third of respondents felt confident that their healthcare provider’s security measures to protect their records were adequate, and nearly half said they would consider changing providers if their records were lost or stolen.
Victims said they expected their providers and insurance companies to contact them if there is a breach, but most do not, the study showed. Most victims do not find out about the theft until an average three months after the fact, typically when they are reviewing their billing statements and notice unusual charges. And 30 percent don’t know when they became a victim.
The cost to victims is considerably higher than other types of identity theft, both in time and money. Financially, 65 percent of medical identity theft victims paid an average of $13,000 to resolve the theft ’ often paying the healthcare provider, repaying the insurance company or hiring attorneys, the MITA report said. Healthcare providers and insurers are also impacted financially by the thefts.
Timewise, it can take up to 200 hours to resolve a medical identity theft, in part because of HIPAA rules protecting the privacy of patient information. In the end, only 10 percent of victims report reaching a satisfactory conclusion.
The report included recommendations for healthcare providers and insurers to help curb the rising medical identity theft statistics. The Medical Identity Theft Alliance report said healthcare providers should: