Friday, August 22, 2008

Health Care and Medical ID Fraud

Identity theft is big business. According to the Gartner Report and other sources, it has been estimated that about 10 million victims file cases for identity theft each year--an average of 20 people every 60 seconds. The overall cost of this has been almost $60 billion dollars in the last year. And it’s not just your bank account number, credit card number, or social security number that people wish to have for their intentions to commit crime. Even your address, names of your relatives, date of birth, phone numbers, and other such personal information can be useful to those who would steal your good name. Criminals can put together a picture of you and use this information in order to perpetrate identity theft and identity crime. This fake persona can then be used against you to steal your money, your tax returns, and even your livelihood--including medical ID theft or fraud. The report on Medicare Compliance just announced that over 9 million adults in the U.S. this year alone believe they or a family member have had personal medical information lost or stolen.

According to the World Privacy Forum, medical identity theft occurs when someone uses an individual’s name or other parts of the individual’s identity – such as insurance information or Social Security Number – without the victim’s knowledge or consent to obtain medical services or goods. Medical identity theft can also occur when someone uses the person’s identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims. The essence of the crime is the use of a medical identity by a criminal and the lack of knowledge by the victim. Some identity theft cases arise in medical settings, but they are not medical identity theft. For example, if a hospital worker steals patient credit card number or other financially-related identity information and goes on a shopping spree at a mall, that is not medical identity theft. It is more traditional financial identity theft. In this situation, the crime did not affect the medical identity of the individual, even though it involved the use of personal financial information.

US News & World Report indicates that the thief isn't always an individual desperately needing medical care. In some instances, the perpetrator can be a doctor hoping to pad his or her income by filing fraudulent claims. Even worse, law enforcement authorities say that more and more frauds are being perpetrated by organized crime rings who steal dozens, and sometimes thousands, of medical records, as well as the billing codes for doctors. The rings then set up fake medical clinics—offering free health screenings as a ruse to draw in patients—that submit bogus bills to insurers, collect payments for a few months, and then disappear before the insurers realize they've been had. But some privacy advocates fear that the rush toward digital health records could ironically create new nightmares for victims of medical ID theft. Rather than residing in a single doctor's paper files, fraudulent information could circulate in other medical databases across the country. Given that some medical ID thefts are "inside jobs," wherein rogue clerks sell patient data to fraudsters on the outside, privacy advocates believe that allowing data to flow more freely around a national network could make such thefts even easier.

Even worse, it can be difficult for patients to purge any fraud from their records according to US News & World Report. While the Fair Credit Reporting Act gives victims of financial identity theft the right to see and try to correct any mistakes in their credit records, critics say that victims of medical ID theft don't have the same recourse. Health privacy laws are limited and don't reflect the possibility of medical ID theft, and incorrect information could bounce around for many years. Victims of financial identity theft have a much clearer path to recovery than those whose medical identities are stolen. If someone swipes your wallet and goes on a spending spree, you can ask any of the three major credit bureaus for a free credit report, place a fraud alert on your account, and get inaccurate charges expunged. With medical identity theft, it's not that simple. In the first place, your records are most likely scattered among many different providers, and there's no medical records clearinghouse that keeps them. Under HIPAA, the federal law that addresses medical privacy, you're entitled to a copy of these documents, though you may have to pay for it. If there's an error, you can add a correction to the record, but you can't have information deleted. And if an impostor gets healthcare services in your name, you may really be stuck. Healthcare providers may actually refuse to let you see your own record because once it's intermingled with someone else's, that person's privacy must be protected.

Unfortunately, law enforcement authorities complain that many health-care facilities do too little to protect their patient data. However, in their defense, health-care executives say they've taken steps in recent years to deter identity thieves. Some hospitals, for instance, have begun reprogramming their computer systems to restrict staffers from accessing any patient data beyond what they need to do their jobs. And some have instituted procedures to ensure patients are who they claim to be as reported by US News and World Report.

For a medical identity theft victim, according to the World Privacy Forum, medical and health insurance records are essential to figuring out the facts in your case. The thief may have used your name when seeing a doctor, obtaining prescription drugs with your health ID number, filing claims with your insurance company, or doing other things that left a trail in your medical records. The actions of the thief may be intermingled with the records of your own treatment and payment activities. For example, your health insurer may have records showing bills submitted by your dentist, drug store, and obstetrician together with other bills that resulted from the thief’s activities. In some instances, the crook is not someone who sought medical care but a health care provider who submitted a wholly fraudulent bill in your name, your spouse’s name, or your child’s name.

The World Privacy Forum also reports that if you have reason to believe that you are a victim of identity theft, you need to find the facts. Obtaining a copy of your medical records from your health care providers, hospitals, pharmacies, laboratories, and health insurers is the main way to learn what happened. You may be tipped off to medical identity theft by receiving an explanation of benefits from your insurer for services that you never sought or received. You may receive a bill for services that you did not use. You may receive a dunning notice (a notice that a bill has not yet gone to a collection agency, but will if not paid soon) or phone call from a debt collector for a health care bill in your name that was never paid. If any of these things happen to you, you need to find the facts by obtaining basic records from providers and insurers; and ask questions, preserve your rights, and follow the trail of information.

Medical ID fraud is serious business. Those who are affected by it face a huge task to clear up personal and financial issues that result from someone's unscrupulous behavior. Keep your records safe, and follow up immediately on any unusual circumstances related to your own health.

Until next time. Let me know what you think.

No comments: