Medical identity theft is on the rise, with incidents of thieves using the insurance of others to pay for medical visits or drugs surpassing 2.3 million cases last year.

identity thief's hand

That’s an increase of nearly 22 percent over 2013, according to a study of more than 1,000 victims by the Medical Identity Fraud Alliance (MITA).

One quarter of the thefts were by family members who took personal medical identification without the insured’s consent. The victims were most often a spouse or partner, followed by a parent. Another one quarter of victims fraudulently shared their identification with a friend or family member.

In addition, 12 percent of victims said the theft of their medical insurance information arose from responding to a fraudulent email or sharing information online on what turned out to be a fake website.

Other victims saw their problems stemming from their healthcare provider: 10 percent said there was a data breach by their healthcare provider, and 6 percent believed an employee at their healthcare provider stole their health insurance information.

Only one-third of respondents felt confident that their healthcare provider’s security measures to protect their records were adequate, and nearly half said they would consider changing providers if their records were lost or stolen.

Victims said they expected their providers and insurance companies to contact them if there is a breach, but most do not, the study showed. Most victims do not find out about the theft until an average three months after the fact, typically when they are reviewing their billing statements and notice unusual charges. And 30 percent don’t know when they became a victim.

The cost to victims is considerably higher than other types of identity theft, both in time and money. Financially, 65 percent of medical identity theft victims paid an average of $13,000 to resolve the theft ’ often paying the healthcare provider, repaying the insurance company or hiring attorneys, the MITA report said. Healthcare providers and insurers are also impacted financially by the thefts.

Timewise, it can take up to 200 hours to resolve a medical identity theft, in part because of HIPAA rules protecting the privacy of patient information. In the end, only 10 percent of victims report reaching a satisfactory conclusion.

The report included recommendations for healthcare providers and insurers to help curb the rising medical identity theft statistics. The Medical Identity Theft Alliance report said healthcare providers should:

  • Assess the level of protection of your practice’s patient records security systems and make improvement where necessary.
  • Inform patients of the measures your practice takes to protect their medical records.
  • Alert patients to the necessity of keeping their medical identification private and secure.
  • Improve office authentication procedures to ensure imposters are not receiving medical services or drugs.
  • Monitor billing statements – especially those that have gone unpaid – for possible medical identity theft.
  • Periodically check with the primary physician to see if records accurately reflect procedures and treatments that have been conducted.
  • Double check that patient blood type, pre-existing conditions, allergies, etc., have not changed.
  • Help patients gain more control over their medical records, making electronic health records accessible to them.
  • Assist patients in correcting any errors in their medical records.
  • Inform patients of the illegality of allowing others to use their medical credentials.
  • Encourage victims to report the crimes to law enforcement and government agencies.