Six Ways to Protect Your Medical Identity
Smart steps to keep your information safe.
You know the drill: Each time you visit a new doctor or hospital, you’re asked to provide personal data, including your Social Security number, address, health insurance information, and sometimes even your credit card number. The expectation – spelled out by federally mandated HIPPA privacy laws that patients must review and sign off on – is that this sensitive information will be safely stored. But new surveys reveal that’s not always the case.
In reality, medical data loss in the United States is occurring at an alarming rate. A 2015 report from the Ponemon Institute (a research organization dedicated to advancing privacy and data protection practices) revealed that more than 90 percent of healthcare facilities surveyed had had at least one data breach, and 40 percent had more than five data breaches during the last two years. Criminal attacks on healthcare data have risen 125 percent from five years ago.
“Accidental data loss is more common than actual theft,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “The digitization of medical records is great for patients with conditions like rheumatoid arthritis [RA]; it allows multiple providers to coordinate care. But it also tends to result in larger data leaks than you’d have with paper records.” Any data loss is dangerous, because it increases the odds that unscrupulous individuals, hackers or crime rings can use your medical insurance for themselves or make false medical claims (think Medicare fraud) under your name. That can lead to medical mix-ups, such as blood type mistakes or prescription errors, if their data are stored on your medical chart. It also can cause you to exceed your allotted insurance benefits, which can potentially limit your care, and even put you on the hook for medical bills that aren’t really yours but were submitted in your name.
According to the Federal Trade Commission, red flags for patients include bills for medical services you didn’t receive; a call from a debt collector or a credit report showing you have medical debt you didn’t accrue; or a notice from your health insurance company that you’ve reached the limit on your benefits. Take these steps to reduce your risk of data leaks:
1. Ask How Your Health Information Is Used
Find out what information health care providers keep on file for you, how they use it, and whether they’d share that information without your consent. “If your doctor thinks you’d be a good fit for a new RA drug trial, for example, you should be given the opportunity to say yes or no before the doctor passes your information to the pharmaceutical company or research team,” says Ponemon. Each time you see the doctor, ask the date of your last visit to make sure their records are accurate.
2. Put Your Photo on File
Many security-conscious providers now ask patients to provide photo ID to confirm your identity. If yours doesn’t, ask them to put a note on the top of your file to check your ID at future visits. It’s not a perfect system but it’s a start, experts say.
3. Look for Warning Signs
“If you notice files open and sitting around a medical office, it’s a sign that there may be sloppiness in how information is maintained,” says Ponemon. Request your records if you see warning signs or sense something is amiss. Providers are required by law to let you see your medical files. “If there’s lots of extraneous or erroneous information, such as the wrong billing address, it can be a sign they’re not being careful,” says Deven McGraw, director of the Health Privacy Project at the Center for Democracy & Technology.
4. Review Your Claims Statements and Bills
“They should reflect doctor visits you actually went to and services, such as surgery, that you actually received,” says McGraw. If you notice an error, tell the medical office and your health insurance company, and request an updated statement reflecting the correction.
5. Safeguard Your Documents
“Shred all throw-away documentation, and store important documents in a secure place, like a locked filing cabinet,” says Robert Siciliano, a Boston-based identity theft expert and McAfee consultant.
6. Read Your Mail
“The federal government requires health care providers to tell patients if their data have been leaked,” says McGraw. If you receive such a notice, ask the provider these questions: Was the loss a theft or an accident? Was the data digital, and was it encrypted (in which case there’s a low probability it can be used)? Will the provider offer remedies? “Larger insurers and hospitals, in particular, often offer free credit monitoring to those affected by a security breach,” says McGraw.