Federal Employees are concerned about identity theft from a new source: medical records. The current trend to transfer all medical patients’ data to Electronic Medical Records (EMRs) is certainly a boon to patients in that it can facilitate treatment between medical organizations, but having all that information online also allows for the possibility of medical identity theft on a large scale.
Background of Federal Employee Identity Theft Concerns
In July of 2015, the federal government announced a breach of their computers, which affected a staggering 21 million individuals, including every person investigated with background checks by the government over the prior 15 years. The sensitive information stolen in this breach involved social security numbers, fingerprints, names, addresses, and health and financial history.
This data breach announcement came right on the heels of one identified only a month earlier, which affected more than 4 million government employees. Ironically, this newest breach was discovered during the Office of Personnel Management’s efforts to modernize its computers and install greater security measures. Although a treasure trove of government information has been stolen, the security upgrades for computer systems has now been given top priority, for better protection in the future.
Now, Medical Identity Theft has become a top concern for Federal Employees due to their increased vulnerability from these attacks.
Health Insurance Fraud
Medical identity theft is rapidly rising now because thieves can use someone else’s name or health insurance to receive treatment of their own. Using your medical identity, a thief can actually file claims with your insurance provider and receive other types of care, which all are eventually billed to you or your medical insurance provider.
Be careful of who you provide your health plan ID number to. Medical identity thieves might pretend to work for your doctor, pharmacy, or insurance company in order to get you to share your medical information. If you are concerned that someone who has called or emailed you is not who they say they are, ask for their name or extension and call the office directly.
Remove and shred the labels from your prescriptions instead of throwing them in the trash. Any paperwork you receive from your doctor or insurance company should be kept in a safe place or shredded to ensure that thieves cannot access any sensitive information.
Hospital patients’ identity theft
Hospital patients are the next big target for identity theft hackers because it is fairly common for hospitals to be part of vast networks of medical facilities around the country, which means patient data is all combined on their computer systems. While the convenience for patients and the efficiency of service are unquestioned benefits, there is also a degree of vulnerability created which provides a tempting target for hackers.
Once a hacker has accessed a computer system supporting a national chain of hospitals, the possibilities are literally endless for medical identity theft. In this case, there is very little you can do to prevent a theft, but can you keep alert for warning signs.
When medical identity theft occurs, you may get bills for medical procedures or treatments that you never personally received, and you may start getting calls from debt collectors attempting to secure payment for medical bills that you don’t owe. These will eventually show up on your credit report as unpaid bills, unless you’ve paid them without realizing what they were.
You might also receive notices from your medical insurance provider notifying you that you have reached your coverage limit for the year, and that any additional claims will be denied. Another possibility is that you might receive a denial of coverage notification because a claim has been filed to cover a medical condition that you do not have.
What should you do if you realize you’ve been a victim of medical identity theft?
What to Do if You’ve Been a Victim of Medical Identity Theft
The first step to take if you believe you’ve been a victim of medical identity theft is to get a copy of your medical records and check them for errors. Obtain records from your doctor, hospital, pharmacy, and insurance company.
Next, see who else has asked for a copy of your medical records with an “Accounting of Disclosures.” You are able to order one free copy of the accounting of disclosures each year and will learn what medical information was sent to who, and when.
Then, ask for corrections to your medical records by explaining why your current records are not accurate and include any documents that contradict your records. Make sure to keep copies for yourself and ask that the agency that made the mistake alert the other providers it communicates to about the error. If you cannot get a record corrected, ask that they include your disputes with your medical record.
Perhaps the single most effective thing you can do though, is to enroll in an identity monitoring, protection, and resolution service. Malicious hackers are simply a fact of life these days, and more attacks are inevitable – but you should still do everything possible to minimize the likelihood of your own information being compromised.
It isn’t really a question of ‘if’ another identity theft attack will occur, but merely a question of ‘when.’ Hackers find ways of circumventing each new layer of security installed by a given organization. By being cautious to protect yourself and alert to early warning signs, you can often prevent yourself from being targeted and quickly eliminate the threat if you are a victim of fraud.
Jeff Roediger is the CEO of Fed Resource, providing federal benefit and financial education to active and retired federal employees.