How to Protect Your Healthcare Identity and Security


The motive behind stealing your credit card information is easy to understand, but why would someone want your medical information? Criminals can use your identity and insurance to obtain treatment and medications, often at numerous locations. In addition to being charged for services you did not receive, this activity is recorded in your medical records, creating confusion for providers and caretakers. Having to prove that you did not get the care in question is complicated for the victims, and they may end up paying incorrect bills.

Medical identity theft is on the rise, increasing by 22 percent in 2014. Keeping medical information secure, for both yourself and your loved ones, is a priority for everyone. We asked three experts how medical identity theft occurs, and what you can do to stop it.

Know the Risks and How to Protect Yourself

There are parts of protecting your medical identity that you simply can’t control, such as hackers breaching a major database, or a hospital employee stealing and selling information. Fortunately, there are ways that you can actively defend yourself. Being careful with when and how you share your information, and creating strong passwords for any online access to your medical records are central parts of keeping your health information safe. Here are our experts’ specific tips on guarding your medical identity.

Image of Terry CutlerTerry Cutler is a Certified Ethical Hacker and cyber security expert with Cyology Labs. By knowing all of the tricks and technology employed by the “bad guys,” he is able to serve as an expert consultant and thought leader on preventing and analyzing cyber crime and security.

Keep your identity on a short leash – watch what you carry. Things like social insurance numbers and birth certificates don’t need to be in your purse, and should be locked in a safe place and never shared. Avoid sharing too much personal information over the phone. If someone is calling you to discuss your financial or health care issues, they shouldn’t be asking you to provide them with personal information since they should already have it.

Passwords are a big problem and should never be written down and carried in your purse or wallet. Learn to create strong passwords of 16-25 characters long by using phrases or song lyrics and enabling 2 step verification services for added password protection. There’s a FREE video series at Internet Safety University that walks you through creating a safe password.

Image of Sree RamaSree Rama is the director of support and training for qliqSOFT, a company that created a secure, HIPPA-compliant messaging app for healthcare. She shares her advice for what not to do with your valuable personal information.

People should not send personal information like SSN, Medicare Number, DOB and credit card numbers in email. Always set complex passwords, and do not use single passwords for all accounts. Never use your family and pet names as passwords.

Seniors need to be careful while doing internet surfing, online shopping and online banking. If they are purchasing something online, while entering credit card or Bank account numbers they have to make sure [the] website is secure and [uses the security protocol] https.

Image of Nick SemekovichNick Semenkovich is a dual MD/PhD student who founded the Trustworthy Healthcare Initiative, where hospitals and healthcare systems are tested and ranked based on their cybersecurity preparedness. He knows that many healthcare systems use online “portals” for patients to access their records. Make sure that you are using this convenient service securely.

Hospitals and universities aren’t doing everything they can to protect medical records, and they aren’t encouraging seniors to protect their records either. Online “patient portals” to access your medical records can sometimes also be used to steal personal information (like social security numbers), or credit card and billing information. If you have access to an online patient portal, choose a long password, and only use that password on that site (don’t share passwords).

Online health sources can be hit-or-miss. It’s best to rely on well-recognized national organizations for trustworthy information, for example, the National Institutes of Health and their Medline resources.

How to Report Medical Identity Theft

Many people who are victims of medical identity theft are not immediately aware of what has happened. We all look at our credit card bills regularly, but how often do you review your complete medical records? If you do discover suspicious or criminal activity, you need to take action. The first step is checking your credit reports for any fraudulent bills. Terry Cutler shares his list of credit bureau fraud protection resources to help you.

Medical information is worth about 10 times more than credit card information. Hackers usually steal this data to fraudulently bill. If you become a victim of fraud, here are some resources to call to disclose a breach and help protect your identity. It’s also very important to order your credit report to see what’s available on your credit.

  • Equifax fraud department: (888) 766-0008
  • Experian fraud department: (888) EXPERIAN (888-397-3742)

If you do become a victim of identity theft, you can obtain an “extended fraud alert” that will be in effect for seven years. Members of the military can place an active duty fraud alert on their credit reports for one year if they are away from their usual duty station.

If you do find fraudulent activity, your next step is to report it to the appropriate agencies. Sree Rama offers this contact information for documenting medical identity theft.

Seniors need to call the Department of Health and Human Services, Office for Civil Rights toll-free at: 1-800-368-1019, TDD: 1-800-537-7697

Having your medical records compromised violates your privacy as well as your financial situation. Nick Semenkovich advises reporting any violations, even if financial fraud did not occur.

Anyone can report HIPAA violations directly to the US Department of Health and Human Services, or to their local hospital or university privacy representative.

Preventative Care for Avoiding Medical Identity Theft

Patient portals and digital medical records have made coordinating complex care much easier. Patients can change doctors, see numerous specialists, get second opinions, and even simply get care while travelling with greater ease. The portability of these records has unfortunately made them a target for criminals, who use this accessible information to send fraudulent bills or obtain dangerous prescription medication.

Stopping and eliminating the results of this crime can cost victims large amounts of time and money. Thankfully, preventing it can be as simple as correctly securing your information, both online and in your home.


Leave a Reply

Your email address will not be published. Required fields are marked *