Medical-related identity theft accounted for 43% of all identity theft in the United States in 2020, according to the Identity Theft Resource Center.
And the majority of documents criminals steal are the same ones your employees receive from their group health insurers. If an employee becomes a victim of medical identity theft it can take them years to undo the damage, particularly if their identity is stolen in the process.
That’s why it’s important for any employer with a group health plan to warn its staff about the importance of safeguarding their medical and health insurance information, including plan information and health insurance cards.
Medical identity theft is when someone uses another person’s personal information — like their name, Social Security number, health insurance account number or Medicare number — to see a doctor, get prescription drugs, buy medical devices, submit claims with the victim’s insurance provider, or get other medical care.
If the thief’s health information is mixed with the victim’s, it could affect the medical care the victim is able to receive, or the health insurance benefits they are able to use. It could also hurt their credit.
People often learn they are victims of such fraud when they get a medical bill or a notice from their health insurance company about what will be covered for a procedure they never went in for.
Alert your staff
The most important advice for your staff is that they should take good care of their health insurance card. This includes:
- Making sure they get their health insurance card back every time they use it.
- Cutting up their old card whenever they receive a new one for a new policy year or other reason. The new one should be put in their wallet.
- Reporting a loss immediately to their insurance company if the card is lost or stolen. They can issue a new one and void the old one, so that nobody can use it for doctor’s visits or to purchase medication.
Your employees should also keep their medical records, health insurance records and any other documents with medical information in a safe place. This includes:
- Health insurance enrollment forms
- Prescription bottles
- Doctor and medical provider billing statements
- Explanation of Benefits statements from their health carrier.
Any of the above documents should be shredded when it’s time to replace or discard them.
Also, since thieves will sometimes steal mail from mailboxes, you can recommend that your workers sign up for paperless communications from their insurer.
How to identify fraud
Safeguarding the above information can go a long way towards avoiding medical identity theft, but it can still happen. Your employees should know the warning signs. The Federal Trade Commission recommends being on the lookout for the following:
- You get a bill from your doctor for services you didn’t get.
- You notice errors in your Explanation of Benefits statement, like services you didn’t get or prescription medications you don’t take.
- You get a call from a debt collector about a medical debt you don’t owe.
- You review your credit report and see medical debt-collection notices that you don’t recognize.
- You get a notice from your health insurance company saying you reached your benefit limit.
- You are denied insurance coverage because your medical records show a pre-existing condition you don’t have.
If you think someone is using your personal information to see a doctor, get prescription drugs, buy medical devices, submit claims with your insurance provider, or get other medical care, taking the steps below will help you limit the damage:
- Thoroughly review your medical records.
- Contact your insurance company and each provider and pharmacy where a thief may have used your information, and ask for copies of these medical records. You may have to submit records requests and pay fees to get copies.
- Review the records and look for errors, like visits or services you didn’t receive.
- Report the errors to each provider, pharmacy and your insurance carrier, with backup documentation that shows the incorrect information and an explanation of why it’s wrong — and ask that they remove the visits and services from your records.
Under federal law, health insurers have 30 days to respond to your requests.
For good measure, your employees should also review their credit reports.