7 Simple Ways to Protect Yourself From Medical Records Theft


Hacker attacks on medical records are exploding, with more than 113 million health files stolen in 2015. Criminals are using health records to commit medical identity theft, a crime that causes even more suffering than financial identity theft.

Think having credit cards or a mortgage opened in your name is a nightmare? Maybe, but it's nothing compared to what victims of medical identity theft have suffered. Victims of this crime often suffer from financial fraud, just like those who have their credit cards compromised, says Ann Patterson, program director of the Medical Identity Fraud Alliance.

Resolving medical identity fraud is much more difficult than cleaning up a case of financial ID theft. The majority of medical ID theft victims reported spending an average of $13,500 on lawyer fees or medical bills in their names, compared to an average of just $55 to clean up financial ID theft, according to a 2015 Ponemon Institute survey. And with no centralized source to consult like a credit report, and no real-time alerts like banks and credit monitoring services, it may take a long time to even realize you're a victim of medical identity theft, Patterson warns.

Whether you have just received a discomfiting letter from your health care provider that a data breach has occurred, or you simply want to head off this kind of life disruption before it happens, here are seven steps you can take to protect yourself from medical ID theft.

1. Read Your Mail

Those explanation of benefits statements from doctors' offices and hospitals may not be light reading, but you should look at them, at the least to verify that you saw the provider named on the date listed. Also, if you get mail from an unfamiliar doctor's office, don't toss it out without reading it — what you might think is junk mail could actually be a bill taken out in your name by an identity thief.

2. Review Your Medical Records

One positive thing about medical records going online is that it makes it easier for patients to periodically check that all the procedures listed there were actually performed on you, and that the details listed match your identity. If your records aren't online, you can ask to check your file when you're at the doctor's office.

Reviewing medical records could be a matter of life and death, because "information, such as an allergy to penicillin, is often deleted from a patient's medical record when it is stolen by a hacker or used by a buyer," warns the Institute for Critical Infrastructure Technology in a report that was presented to the US Senate in September.

3. Ask About Safeguards

Whether it's your doctor's office or your kids' school collecting data about your family, ask what happens to the paperwork you fill out. Is it shredded after being entered into a database, or tossed into the recycling? What kind of security protects those databases?

4. Don't Always Do as You're Told

Medical forms frequently ask for the patient's social security number. Patterson leaves that line blank, and if challenged, she explains that the omission is for privacy reasons. "I have yet to be refused medical care because I refused to provide my Social Security number," she says.

5. Treat Health Information Like Financial Information

Just as you should shred your tax documents and bank statements before tossing them, you should shred your doctor's office visit receipts, prescription labels, and even destroy prescription bottles with information stickers on them, Patterson says.

And if you wouldn't post your bank account balance on social media, don't be so quick to divulge upcoming medical treatments either. While it might be hard to imagine the harm in asking for thoughts and prayers for an upcoming surgery, Patterson urges patients to look at their profile from a criminal's point of view.

"You're putting out free information to give a detailed profile of you," she says, such as what region you live in, what doctors you frequent, and what ailments you have. If a criminal knows you have cancer, for instance, they may be able to "buy painkillers in your name and not raise a red flag immediately, because it fits your profile," she says.

If you think it's okay to share such information because your posts are only seen by friends and family, consider that, according to the Ponemon Institute, about half of medical ID fraud is committed by people who know the legitimate account holder.

6. Use Monitoring Services When Offered

It's now common for health insurers and other providers who have been hacked to offer members free fraud monitoring services. Take advantage of the offer! Patterson says that less than half of consumers offered free subscriptions actually sign up. Although they monitor for financial fraud — they won't tell you that someone checked in as you at a hospital — the services can provide valuable red flags. For instance, if a fraudulent medical bill goes into collections, it will show up on your credit report, and therefore trigger a fraud monitoring alert.

7. Be Careful What You Tell Your App

There are lots of fitness and health monitoring apps and websites nowadays, and while it's fine to sign up for one, look into the company that made the product, and think carefully about how much personal health data you share with them.

"Most of these companies are not regulated in the same way as your health care provider or health plan to protect your personal health information," MIFA warns.

Like this article? Pin it!

Disclaimer: The links and mentions on this site may be affiliate links. But they do not affect the actual opinions and recommendations of the authors.

Wise Bread is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.