The Deadly Danger of Medical Identity Theft


When you hear the words "identity theft," you probably think of credit cards or other types of financial accounts. Financial identity theft is the most commonly known type of identity theft. But did you know there is another type that could have deadly consequences? I am talking about medical identity theft.

What is Medical Identity Theft?

Medical identity theft occurs when someone uses your identity, such as your Social Security Number (SSN) or your health insurance information, to obtain medical services, products or treatments without your permission. This might seem like another financial issue, as in you getting a bill for services you did not receive, but it goes much deeper. When an identity thief uses your identity at a health care provider, all of the thief's symptoms, medical history, test results and blood type are recorded in a medical record under your identity. That's right, the thief's medical records could be commingled with your medical records.

So, What's the Problem?

When a doctor makes a diagnosis, he is looking at your entire medical file, including your symptoms and your test results. If an identity thief recently had a blood test that was negative for diabetes, the doctor may decide you could not have diabetes because your blood test was fine. Remember, the thief's test results are now a part of your medical record.

What about if you are involved in an auto accident and you need an emergency blood transfusion, but the blood type in your record is not yours—it is the thief's. Are you going to get the correct type of blood? Does it matter which type of blood you receive? Absolutely! Receiving the wrong type could kill you.

What about prescription drugs? Have you ever heard of drug interactions? Certain prescription drugs cannot be taken with other types of drugs because it could cause serious complications, or even death. You doctor may decide which prescription to write for you based on the list of current prescriptions in your file. If your identity thief is not taking the same prescriptions as you, this could cause a major problem.

How to Detect Medical Identity Theft

Unfortunately, you cannot prevent someone from committing medical identity theft against you. But there are a few things you can do to detect medical identity theft:

  1. Read your Explanation of Benefits (EOB) statements from your health insurance carrier.
  2. Look at the date of the service as well as the name of the provider.
  3. Ask for copies of your medical record(s).
  4. Confirm your information with your Doctor.
  5. Ask questions when in doubt.

The last one is the most important, yet the least utilized. Never be afraid to ask questions.

Another possible way to detect medical identity theft is by reviewing your credit report. When a medical bill has not been paid, it will often end up in collections. Collection accounts are typically listed on credit reports. Keep in mind that it could take 14-24 months from the date of service before the account would show up on a credit report.

Steps to Take if You Fall Victim to Medical Identity Theft

Hopefully you will never have to use these steps, but, with the rise of healthcare data breaches, it appears to be inevitable:

  1. Request a copy of the medical record.
  2. Once received, notify the provider and/or health insurance carrier that you are a victim of identity theft.
  3. File a police report with your local law enforcement agency.
  4. Complete an identity theft affidavit.
  5. Send the police report, affidavit and a cover letter to the provider and/or the health insurance carrier requesting the fraudulent information be removed or redacted from your medical record.
  6. Place a free 90-day fraud alert on your credit report by contacting one of the following: Experian, Equifax or TransUnion.
  7. Notify all of your healthcare providers that you are a victim of identity theft.
  8. If it involves a collection account, notify the collection agency you are a victim of medical identity theft.
  9. Request written confirmation that your record(s) has been corrected and any collection accounts have closed.

As with all types of identity theft, your best defense is consistent monitoring of all of your accounts and statements. If something does not feel or sound right, do not dismiss it. Ask questions until you are satisfied. Your life may depend on it.

Carrie Kerskie is a sought-after speaker, trainer and consultant on identity theft, fraud and data breach.

Visit Kerskie Group, Inc.

View full profile

You May Also Like

Free AgingCare Guides

Get the latest care advice and articles delivered to your inbox!


One thing I've read which was recommended by a cyber security expert is to place a freeze on all your records at the 3 credit reporting agencies. This keeps criminals from using your identity to get loans etc. also create an account on so that a criminal can't use your ID to create one and then file tax returns in your name. These are things we can do to safeguard our ID and money.
I wanted to be certain you know that I'm not talking about a fraud alert. I'm talking about placing a "freeze" on your credit report. Big difference. A freeze means your credit report can not be pulled by anyone unless you lift it. Since we don't apply for credit cards or don't plan on needing a new car or mortgage any time soon I've frozen both my and my husband's and my fathers. Depending on what state you live in, they may or may not charge you. In OK if over 65 there is no charge to place or lift the freeze. I had to pay $10 but that was money well spent compared to the nightmare of ID theft. Here is a link to the article I was referring to in my first post. krebsonsecurity/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
Making an account with the IRS costs nothing and prevents someone else from doing so and pretending they are you. This is getting more common. So just a forewarning.
This is a very timely article, particularly given the recent data breaches of medical information.

This happened several years ago when a major hospital in our area allowed someone to use a stolen BCBSM card of my sister's. I had notified BCBSM after her death so her insurance was cancelled. But the hospital never verified that the fraudster wasn't covered. Of course BCBSM denied the charges.

On another occasion, this same character gave my father's address as his own. But the more annoying aspect was the bills sent to my father - bills for up to over $10,000 in medical charges. My father didn't need to be upset by the incompetence of hospital management and its policies.

When I contacted the hospital, controlling the contempt and disgust I felt for it for not verifying the address of the patient, I was told that since the hospital accepted indigent patients and was serving a greater community good, it would provide service one way or another.

It didn't make any difference if the patient did or didn't have valid insurance. So they didn't verify insurance coverage. Nor did they verify addresses given by patients.

Those dummies continued to allow this fraudster to rack up medical charges without even verifying anything.

To say that it was difficult to believe this stupidity and irresponsibility is an understatement.

We NEVER would seek any treatment from that hospital - who wants to deal with one with such an irresponsible attitude?

One of the concerns I've had as well is when a hospital gets on the Patient Portal bandwagon and asks patients if they want to view their medical records online. It would be helpful as opposed to ordering and paying for medical records, then waiting for a month as was the case the last time I ordered a copy for an emergency visit.

But the issue I raised when asked to participate was what level of security does the hospital actually have? The woman encouraging participation had no idea.

When a doctor I recently saw at a private practice suggested the same thing, I asked the same question. Response: embarrassed sort of grin and change of subject.

Businesses can spend millions if not more protecting data. Are hospitals, even those that are for profit, prepared to do the same thing?

Harpcat, fraud alerts can be filed every 90 days with one of the credit bureau reporting companies. I've done that since the first instance of credit card fraud years ago.

Ceasna, your first contact should be to the police. If you want to file a lawsuit, you can either search for one handling white collar fraud cases, or with the court clerk of what would be a circuit court in my area.

Ask if the court has online civil actions which you can search to find the name of the attorney(s) who filed suits on have of the other 5 people. Michigan used to and probably still does use a 2 letter category as the prefix for various types of civil suits. You would then use the search parameters of the court's online files to find white collar fraud suits against that hospital.

You can then contact that attorney to file a suit for you. Or you can do research through the Alabama state bar directories for attorneys handling white collar fraud. Review their websites to determine how much experience they have, and contact them to get information filing a suit.

I just googled Flowers Hospital, fraud breach and learned that there is a class action suit against the hospital:


Do some research on these hits and decide if you want to be a party plaintiff in a class action suit, depending on whether or not the attorneys are still accepting new plaintiffs. Sometimes these larger, higher publicized suits might bring you a better chance of recovery than an individual suit.

Be sure to read the hit about the hospital claiming people who were subject to filing of fraudulent tax returns can't sue. It'll give you a good insight into the hospital's stance on remediating security breaches.

Good luck.