hide my visit

Medical Identity Theft

Detecting Medical Identity Theft

Read your medical and insurance statements regularly and completely. They can show warning signs of identity theft. Read the Explanation of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment. Check the name of the provider, the date of service, and the service provided. Do the claims paid match the care you received? If you see a mistake, contact your health plan and report the problem.

Other signs of medical identity theft include:

  • a bill for medical services you didn’t receive
  • a call from a debt collector about a medical debt you don’t owe
  • medical collection notices on your credit report that you don’t recognize
  • a notice from your health plan saying you reached your benefit limit
  • a denial of insurance because your medical records show a condition you don’t have.

Learn more about repairing other damage caused by identity theft.

Correcting Mistakes in Your Medical Records

Get Copies of Your Medical Records.

If you know a thief used your medical information, get copies of your records. Federal law gives you the right to know what’s in your medical files. Check them for errors. Contact each doctor, clinic, hospital, pharmacy, laboratory, health plan, and location where a thief may have used your information. For example, if a thief got a prescription in your name, ask for records from the health care provider who wrote the prescription and the pharmacy that filled it.

You may need to pay for copies of your records. If you know when the thief used your information, ask for records from just that time. Keep copies of your postal and email correspondence, and a record of your phone calls, conversations and activities with your health plan and medical providers.

A provider might refuse to give you copies of your medical or billing records because it thinks that would violate the identity thief’s privacy rights. The fact is, you have the right to know what’s in your file. If a provider denies your request for your records, you have a right to appeal. Contact the person the provider lists in its Notice of Privacy Practices, the patient representative, or the ombudsman. Explain the situation and ask for your file. If the provider refuses to provide your records within 30 days of your written request, you may complain to the U.S. Department of Health and Human Services’ Office for Civil Rights.

Get an Accounting of Disclosures

Ask each of your health plans and medical providers for a copy of the “accounting of disclosures” for your medical records. The accounting is a record of who got copies of your records from the provider. The law allows you to order one free copy of the accounting from each of your medical providers every 12 months.

The accounting includes details about:

  • what medical information the provider sent
  • when it sent the information
  • who got the information
  • why the information was sent

The accounting shows who has copies of your mistaken records and whom you need to contact. It may not have details about some routine disclosure of your information, like those from your doctor’s office to another doctor’s office, or disclosure of payment information to an insurer.

Ask for Corrections

Write to your health plan and medical providers and explain which information is not accurate. Send copies of the documents that support your position. You can include a copy of your medical record and circle the disputed items. Ask the provider to correct or delete each error. Keep the original documents.

Send your letter by certified mail, and ask for a “return receipt,” so you have a record of what the plan or provider received. Keep copies of the letters and documents you sent.

The health plan or medical provider that made the mistakes in your files must change the information. It should also inform labs, other health care providers, and anyone else that might have gotten wrong information. If a health plan or medical provider won’t make the changes you request, ask it to include a statement of your dispute in your record.

Read more about correcting errors in your medical records, regarding Medical Identity Theft, at consumer.ftc.gov.


Protecting Your Medical Information

Your medical and insurance information are valuable to identity thieves.

Be wary if someone offers you “free” health services or products, but requires you to provide your health plan ID number. Medical identity thieves may pretend to work for an insurance company, doctors’ offices, clinic, or pharmacy to try to trick you into revealing sensitive information.

Don’t share medical or insurance information by phone or email unless you initiated the contact and know who you’re dealing with.

Keep paper and electronic copies of your medical and health insurance records in a safe place. Shred outdated health insurance forms, prescription and physician statements, and the labels from prescription bottles before you throw them out.

Before you provide sensitive personal information to a website that asks for your Social Security number, insurance account numbers, or details about your health, find out why it’s needed, how it will be kept safe, whether it will be shared, and with whom. Read the Privacy Policy on the website.

If you decide to share your information online, look for a lock icon on the browser’s status bar or a URL that begins “https:” the “s” is for secure.

Read more about who to contact and check other issues, regarding Medical Identity Theft, at consumer.ftc.gov.