Medical Identity Theft; Patients Placed at Risk Due To Outdated Security Measures

Privacy Security Breach

Did you know that your “confidential” medical information is worth 10 times more than your credit card number? Yes, there is much more to fear than just losing your name, address, and social security number.

Recently I was notified by Emory Healthcare that I was one of many victims of a medical records security breech. The letter stated that they would do more staff training about confidentiality. In my original article I pointed out that a large part of the problem is the number of people given clearance to one’s electronic medical records. A huge corporation can’t guarantee that all of their employees will be honest, especially given the high value of such records on the black market. With salaries below the national average and outdated security, such a facility is ripe for fraud and abuse. While it is vitally important that systems change over to upgraded security software, no amount of upgraded software is going to help as long as electronic records are open to so many in a particular healthcare system, as in many cases theft is an inside job.

Access to Medical Records Too Broad

Upon further investigation about what could go wrong after such a breech what I found out was alarming. A 60 Minutes segment covered a number of problems that can result from a medical records security breech including Medicare fraud, which even after it’s discovered by the patient and reported often results in payment of services not rendered to the real patient. Fraudulent companies buy lists of patients (sometimes even by bribing doctors) and then are able to bill for procedures, tests, medical equipment and other related products and services. This undocumented immigrant assumed another’s medical identity and got a liver transplant with the medical records and identifying information. A man and his wife were denied a loan because of it and had to pay $15,000 to clear it up. The woman was only given 6 months prison time for what amounts to a federal crime.

As of 2014 such incidents have gone up by 40%. One woman was denied the right to give blood because someone with a sexually transmissable disease had stolen their medical information and used it.

Medicare is doing something in 2018 in response to a new piece of legislation, The Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 to make it more difficult to steal one’s Medicare information. They will replace social security numbers with a new number called an MBI (Medicare Beneficiary Identifier).

In January 2018 they plan on activating the system, but it doesn’t start to go into affect until april 1, 2018 – December 31, 2019, phased in over a period of about 6 months. 

In January 2020 only MBI numbers will be accepted, with a few exceptions. Below is a video overview of the new system, but it is recommended that you go to Medicare’s offical website for full disclosure of how it works.

Medicare fraud is not the only problem that can result from medical identity theft. In Atlanta, Tiffani Cox, a patient, was defrauded by a receptionist, Tiffany Snaden at her Chiropractor’s office. The woman was arrested but bonded out the next morning and went right back to work. As far as the news reporters of the I-Team in a segment that aired on December 13, 2017 know, she is still working there, as they were unable to reach the doctors who were her employers for comment.

In 2014 it was estimated that 2.3 million Americans had their information stolen. Patient ID numbers are also used to commit this crime, but when those who buy and abuse this information are in another state there’s a jurisdictional barrier and although this is a criminal issue, police don’t tend to pursue it, and often a patient’s only recourse is to sue.

Your medical records can be altered due to a stolen medical identity, and as you have learned if you’ve been reading my blog, it is very difficult to get information removed or corrected. The following video tells health systems what they can do to prevent medical identity theft.

Although this video mentions HIPPA as a minimum standard which should be used, you should know that HIPPA is actually less for protecting the privacy of the patient than it is to give expanded clearance to certain individuals. Many patients do not know this unless they read the written material very carefully!

Medical identity theft can be reported to the Federal Trade Commission, as it is considered a Federal crime. The FTC recommends that you watch your insurance statements carefully and if you find anything suspicious on them to ask for an “accounting” of all those who received a copy of your records. This may be helpful, but it doesn’t tell you who may have had access to them or used them without the proper official authorization.

Doctor Viewing Electronic Medical Record

What You Can Do As The Patient:

This shouldn’t be encumbent upon you as the victim of a breech and/or theft but there are a few things a patient can do to safeguard their information and at least make it harder for criminals to get hold of your information. You can ask that you be given fraud alerts and also ask for the 3 credit agencies to restrict access to your credit report information. People who’ve been affected by a medical records security breech might be more vulnerable to bogus credit report requests.

A facility may offer you credit protection. If you do receive a letter offering you this make sure to read the fine print very carefully, as some systems have been known to use this as a form of damage control, a way to get off easy and nullify your right to file suit when they really should have to do much more to correct the situation. You should not have to sign away your rights when it was they who should have taken more care with the sensitive information they are supposed to store.

Cyber Security

Furthermore you should not be required to pay for credit protection that pays off bills you don’t owe. This is really the responsibility of the medical system in which the breech happened.

Nevertheless, once a patient’s medical information is out there on the web or black market these measures are little consolation. Many people have not been able to remove adverse marks on their credit report, or escape the actions of those who have stolen their identity. Banks and other financial institutions, even medical facilities often continue to target the victim and not the perpetrator despite the real patient’s reports that these debts are not incurred by them.

This is why I have stated that patients need to have the right to lock access to their electronic medical records so that they, not corporations, decide who will be able to read, obtain copies, or alter them.

The single most important thing you can do as a patient to protect yourself from medical identity theft is to write your Congressman and ask that more rights be afforded patients as owners of their confidential information.

US Capitol Building

Medical corporations have already proven that our confidentiality is not their number one priority. They would rather pay for more lucrative things such as more satellite clinics or fancy-looking marble walkways, or a new wing (often highly publicised), to attract more paying customers. Once they’ve got them they no longer feel the need to please them any longer. This in the longterm is a big mistake. While they might make more money this way in the short-term, more and more people are simply opting out and not using services they need because of the lack of oversight and inforcement, not to mention lack of privacy.


There is an old adage in business “It’s cheaper to keep them”, but clearly corporate healthcare has not gotten the memo. The current trend is still slanted in favor of spreading an already overburdened health system as thin as possible, increasing patients, focusing on visits, and doing as little as possible for each patient. New aquisition is unfortunately the name of the game in the world of medicine now, and this is precisely why so much falls by the wayside.

If you would like to expand the rights of patients be sure to sign the petition and share the link. The momentum continues to grow as more and more patients band together for human rights. If you, a friend, or a family member have been mistreated in the process of seeking medical help we invite you to post your story there, and leave a comment on this blog. The life you save may be your own, or a loved one’s now or in the future.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s