Hacking medical identities

Fraudsters infiltrate records and endanger lives

By Rebecca S. Busch, RN, CFE, CRMA

rebecca-busch-80x80   Rx for fraud: Health care fraud issues


Imagine you’re about to be married, and you’re trying to buy your first home to start your family. When you request your credit history to apply for a mortgage, you discover that supposedly you’ve received collection notices for high emergency room bills; however, you’ve never been treated in the ER.1 

Or consider that you’ve been waiting anxiously to see the results of a medical test. You receive in the mail not only your results but those of two others with their names, addresses and insurance numbers. 

Or maybe you received a letter informing you that an employee at a company that provides technology-based services to medical industries had leaked 500 patients’ sensitive information and you were one of them.2 

And you definitely don’t want to have Anndorie Sachs’ troubles. The local authorities mistakenly reported her as an unfit mother and threatened to take her four children away. A pregnant woman — a meth user — had stolen Sachs’ medical identity, delivered a baby in Sachs’ name, abandoned her child at the hospital and left Sachs with a $10,000 hospital bill.3 

This woman’s crimes could hurt Sachs throughout her life. The perpetrator had a different blood type than Sachs, and uncorrected co-mingled medical records could result in Sachs’ death if she ever needed a blood transfusion. A future health care provider might even prohibit her from reviewing her medical records because they might not be in her name. Once Sachs disclosed that those records weren’t hers, her health care provider denied her access to them because the provider had to now protect the records of the woman who stole Sachs’ identity. Sachs was unable to verify that all the removed records were just those of the thief. The health care industry is addressing this market conflict. 


These scenarios happen every day as medical identity theft increases.4 Nearly 1.5 million Americans fell victim to these frauds in 2010, which are creating a complex quagmire in the health care market.5 

According to the World Privacy Forum, medical identity theft (MIT) “occurs when someone uses a person’s name and sometimes other parts of their identity — such as insurance information — without the person’s knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods.”6 

Another professional organization, the American Health Information Management Association (AHIMA), in a practice brief, “Mitigating Medical Identity Theft,” defines MIT as “the inappropriate or unauthorized misrepresentation of individually identifiable health information for the purpose of obtaining access to property or services, which may result in long-lasting harm to an individual interacting with the healthcare continuum.”7

According to the World Privacy Forum, MIT “frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim’s name. … Medical identity theft typically leaves a trail of falsified information in medical records that can plague victims’ medical and financial lives for years.”8


MIT victims usually are individuals, not organizations. According to an AHIMA report, “Identity Theft and Fraud—the Impact on HIM Operation,” those with developmental or intellectual disabilities, minors, newborns, the elderly, the deceased and persons whose information may be included on public registries (such as cancer registries) are particularly vulnerable.9 It’s easy for a perpetrator or group of perpetrators to simply “borrow” victims’ medical identities by stealing wallets containing insurance cards or copying insurance information from community blood pressure screenings.  

The perpetrators rack up insurance claims or high charges through treatment in emergency rooms where physicians are required to treat patients regardless of insurance coverage. 

Insurance companies that pay the claims along with providers (hospitals, doctors and clinicians treating patients) might be secondary victims because they often have to write off expenses incurred by the thief. They might also spend time and money in working with victims to correct medical histories and records. The most significant consequence for the providers of care is compromised medical decision making because of incorrect patient information. 

Perpetrators commit medical identity fraud for many reasons: to simply obtain free services, steal benefits or services for which they’re ineligible or to perpetrate other frauds or illegal activities such as pilfering drugs for personal use or illegal distribution. 


For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.