Keep an Eye on Your Medical ID

By Michelle Andrews U.S. News and World Report

If identity thieves were to disregard your financial accounts and instead target your medical information, your first thought might well be, "Take my medical identity. Please." What nut would want your high cholesterol, trick knee and family history of Alzheimer's? The answer is simple: One without health insurance who needs surgery or prescription drugs, or someone who sees a medical ID as the open sesame that will allow him or her to collect millions in false medical claims.

Untangling the mess is hard. Unlike financial identity theft, there's no straightforward process for challenging false medical claims or correcting inaccurate medical records. Medical identity theft currently accounts for just 3 percent of identity theft crimes, or 249,000 of the estimated 8.3 million people who had their identities lifted in 2005, according to the Federal Trade Commission. But as the push toward electronic medical records gains momentum, privacy experts worry those numbers may grow substantially.

Microsoft, Revolution Health and Google have announced they're developing services that will allow consumers to store their health information online. Consumers may not even know their records have been compromised.

In February, Democratic Reps. Ed Markey of Massachusetts and Rahm Emanuel of Illinois, with support from several privacy groups and Microsoft, introduced a bill that would strengthen safeguards protecting access to consumers' medical information and make it a federal requirement to notify patients if their health care data get exposed.

Brandon Reagin didn't realize someone had snatched his medical identity until his mother called to tell him he was the lead suspect in a car theft in South Carolina in 2005. The 22-year-old Marine had lost his wallet more than a year earlier while celebrating with friends after completing boot camp at Parris Island, near Beaufort, S.C. After his training, he was posted to California. But in South Carolina, Reagin lived on, as an impostor used his military ID and driver's license to not only test-drive new cars and then steal them but also to visit hospitals on several occasions to treat kidney stones and an injured hand, running up nearly $20,000 in medical charges. Reagin found out about the unpaid hospital bills when he asked for a credit report following the car theft. Reagin got nowhere with local police, but with the help of a state senator, he finally connected with the U.S. attorney's office in South Carolina. Staff there notified the Secret Service, and Reagin's doppelganger, a 30-something guy named Arthur Watts from a tiny Midlands town called Blythewood, was eventually arrested. Watts pleaded guilty to identity theft and is awaiting sentencing.

But there's another potential problem: The hospitals Watts used may have medical records in Reagin's name for treatment he never received. And if those medical records someday become electronically linked to one big nationwide health information network, as envisioned by the Bush administration, some privacy experts worry it may be impossible to find and correct the errors once they percolate through the vast interconnected system.

Victims of financial identity theft have a much clearer path to recovery than those whose medical identities are stolen. If someone swipes your wallet and goes on a spending spree, you can ask any of the three major credit bureaus for a free credit report, place a fraud alert on your account and get inaccurate charges expunged. With medical identity theft, it's not that simple. In the first place, your records are most likely scattered among many different providers, and there's no medical records clearinghouse that keeps them.

Ultimately, no matter how sophisticated the technology or diligent the health care provider, patients themselves may be the best first line of defense against medical identity theft.
"Most of the time, these problems are consumer reported," says Byron Hollis, managing director of the national antifraud department for the Blue Cross Blue Shield Association. "They know what procedures they did or didn't receive."

Been breached? If you know, or even suspect, that your medical identity has been stolen, take these steps now:

• Get a copy of your medical records from health care providers and review them to make sure they're consistent with treatment you've received.
• Ask your insurer for copies of all "Explanation of Benefits" statements for the past year. (You may be able to get them online.) Review these for accuracy, too.
• Get a free copy of your credit report from one of the three credit bureaus. (Through AnnualCreditReport.com, you can obtain a free report once a year from each of the three companies.) Sometimes collection notices for unpaid bills alert victims to theft.
• File a police report if you're a victim. It may encourage providers and your insurer to correct your records promptly.