Browse Definitions :
Definition

medical identity theft

Contributor(s): Matthew Haughn

Medical identity theft is the illegal access and use of a patient's personally identifiable information (PII) to obtain medical treatment, services or goods.

The thief's goal is to obtain key pieces of  personal information that will allow the thief to impersonate the victim. In addition to stealing the victim's date of birth, address and social security number, the thief may also steal the identification number the patient is assigned by his or her health care provider. The stolen information may be used to open credit card accounts or obtain medical services such as treatment at an emergency medical crisis location. The information may also be used to fraudulently obtain prescription drugs or expensive medical equipment that can be sold on the black market. 

Victims of medical identity theft may receive bills for medical services they did not receive, and the length of time it can take to resolve a dispute may have a negative impact on the victim's credit rating and future insurance costs. The perpetrators' actions may also add false information to the victim's electronic health record (EHR). Left unnoticed, this could provide medical personnel with incorrect or conflicting information about the patient's medical history or prescribed medications.

To mitigate the impact of medical identity theft, patients should routinely monitor their credit ratings and carefully read over bank, credit card and insurance statements to ensure that  all charges are legitimate. Suspicious activity should be reported to the appropriate agency as soon as possible. 

This was last updated in April 2016

Continue Reading About medical identity theft

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Saw this on television recently. With all the data breaches and issues with the cloud lately, why would hospitals risk it ?? The answer is storage of medical records. Years ago I was in hospital for a procedure that did not go well. Spent 4 months before I was released. My medical records for that stay filled almost 5 3 inch thick 3-ring binders. So multiply that out by the number of patients and it's staggering. HIPAA should take another looking at putting this all at risk to theft.
Cancel

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close