As we head into the final stretch of 2014, large-scale financial and retail breaches are top-of-mind for many of us, especially as we get ready for holiday shopping. But here is another type of identity theft that all consumers should be aware of and begin to monitor for -- medical identity theft.
In 2013, the healthcare industry experienced more data breaches than ever before, accounting for 43 percent of all breaches for the calendar year. 2014 numbers are not looking much better.
There are two main factors driving the growth of medical identity theft. The first is the value of a medical identity. According to the World Privacy Forum, a medical identity including name, address, Social Security and health ID numbers, goes for about $50 on the online black market. By comparison, a Social Security number currently sells for about $1 and an active credit card can go for anywhere between $1 and $3. A medical identity fetches a lot of money making it a lucrative target for cyber criminals. The second factor at play is the move to get more medical information online. At the beginning of 2014, there was a federal mandate issued that required healthcare facilities to show meaningful use of electronic medical records in order to keep their Medicaid and Medicare reimbursement levels. As our medical data goes digital, more opportunities for cyber criminals become available to steal it.
All of this begs the question, what can we do to keep our medical identity safe. Unfortunately, the answer is not a simple one. Unlike our financial information, which feeds in to a consolidated credit report, medical information does not have one place where it is stored and monitored. Your medical information is everywhere. It is in the paper file your doctor keeps, stored in the sophisticated electronic system employed by a hospital and collected by the fitness bands you wear on a daily basis. If you are worried that someone else is using your medical identity, you cannot simply put a freeze on it, like you can with your credit card. However, there are some best practices you can employ proactively to monitor your medical identity for misuse. The Medical Identity Fraud Alliance shares some good tips:
- Obtain your "benefits request" annually. Your insurance provider can provide a list of all benefits and services paid in your name. In fact, many insurers have websites that list the medical benefits you receive shortly after the claims are filed. It is a good practice to check this list annually, or more frequently if you have been the victim of identity theft.
- Protect your medical insurance card. Treat it like your Social Security card. Leave it in a safe place when you are not using it. If you lose your medical insurance card, report the loss to your insurance provider immediately.
- Safeguard your insurance-related paperwork. Similar to how you would shred a financial document before throwing it away, shred all insurance-related documents as they often contain personal information like name, address and health insurance numbers.
- Review your credit report annually. When you are the victim of medical identity theft, one of the first places it shows up is your credit report. When checking your credit report, be sure it is free of any medical liens.
If you have been the victim of medical identity theft, the FTC has helpful advice and resources for correcting mistakes to your medical record and further protecting your medical identity. In the meantime, always remain vigilant when providing your personal or insurance information. Protect it, monitor it and don't become a victim of medical identity theft.