• Subscribe to the AG's RSS Feed
  • Join the AG's FaceBook
  • Follow the AG on Twitter
  • View the AG's YouTube Channel
  • View the AG's Tumblr Page

First Aid for Medical Identity Theft: Tips for Consumers

When another person uses your personal information to get medical services or goods, or to gain financially, that is medical identity theft. The thief may use your identity to see a doctor. He or she may get prescription drugs or to file claims with your insurance company in your name. If the thief’s medical treatment or diagnosis mixes with your treatment or diagnosis, your health is at risk.

In this information sheet, we describe signs of medical identity theft. Then we give you tips for protecting yourself. At the end of the sheet, we have sample letters and more resources for tackling this crime head-on.

There are five key signs that you might have a medical identity theft problem.

Sign One: Receipt Of A Breach Notice

You get a letter from a health care organization. The letter tells you that your information was involved in a data breach, which means your information left the organization’s control for a period. The letter usually describes what happened. A burglar, for example, may have stolen an employee laptop, or a hacker may have reached into the organization’s computer system. The letter also shares what type of information was exposed. It could be health insurance numbers, Social Security numbers, or medical information. Some information types can put you at greater risk than others, so look closely at this part of the letter.

    Tips

  • If the letter says your Social Security number was involved, quickly go to our fact sheet What to Do If Your Personal Information Is Compromised (See Additional Resources section at end of this sheet.). Follow the four steps: a fraud alert or a security freeze on your credit records will stop someone else from using your Social Security number to open new credit accounts in your name.
  • If the letter says your health insurance or health plan number was involved, contact your insurer or plan. Tell them about the breach and ask them to note the breach in their records and to flag your account number. Closely watch your Explanation of Benefits statements for any questionable items. If you find any, follow the steps in the next section.
  • A breach that involves medical information, but not your Social Security or health insurance number, does not generally pose a risk of medical identity theft. Keep watching your Explanation of Benefit statements anyway.

Sign Two: Unknown Item in Explanation of Benefits

Your Explanation of Benefits statement from your health insurer arrives in the mail. This is that form than often says “THIS IS NOT A BILL.” You see a service you did not receive, an office visit you did not make, or medical equipment you did not request on the statement. (Remember that services for family members may be on your Explanation of Benefits too.)

    Tips

  • Call your insurer at the number listed on the Explanation of Benefits. Ask for more details about anything you suspect, and ask them to investigate. Ask for copies of records connected to the item. You may need to write this request: Sample Letter 1 at the end of this information sheet will help.
  • Contact the doctor, pharmacy, laboratory, health plan, or other provider who submitted the information to the insurer. Ask to see your medical records about the item you are seeing in the Explanation of Benefits. Be confident in knowing that you have a right to inspect your medical records and to receive copies of them, with some exceptions. Be careful too - copies of medical records cost money. Try making your request more manageable by inspecting your records at the office first, then requesting copies of only items that seem to be part of the problem. To make a request in writing, see Sample Letter 2.
  • Review all the information you receive from your insurer and your related medical records. If you still believe the item is incorrect, contact the health care provider’s medical records department or privacy office. Explain which information is not correct and have copies of the supporting documents ready to illustrate your point. Request to have your medical records corrected. You may need to get a police report of identity theft to go with your request. Sample Letter 3 is a request for correction.

Sign Three: Notice of Reaching Benefit Limit

You may receive a notice from your health insurer or health plan saying that you have reached your benefit limit. Or your request for a benefit is denied because it would be over your limit. If you believe you have not reached your limit, take steps to find out if you may be a victim of medical identity theft.

    Tips

  • Call your insurer, at the number on the notice. Ask for a listing of all the benefits paid in your name.
  • Review the list and if you believe it contains inaccurate items, follow the steps above in the Explanation of Benefits section.

Sign Four: Call from Debt Collector

You get a bill or phone call from a hospital or other health care provider or from a collection agency about a bill for medical services that you did not receive.

    Tips

  • First, focus on the financial risks. Tell the creditor or collector that you did not receive the service and are not responsible for it. Ask for a copy of the bill and related documents. See our Identity Theft Victim Checklist for the steps to take on financial identity theft.
  • Then, take action on the possible impact on your medical records. Call your health insurer or health plan. Tell them about the bill, explain that you did not receive the services and ask them to investigate it. You can use Sample Letter 1 for this.
  • Contact the health care provider who provided the services. Tell them you received a bill or call about a service you did not get. Ask them to check their billing records. If they confirm the bill, ask them for a copy of your medical records related to the service. You can use Sample Letter 2 for this.
  • Review the information you receive from your insurer and your medical records. See Step 3 in Explanation of Benefits.

Sign Five: Questions at Intake

You check in at your health provider. When the staff asks you to “verify” your information, you notice that something is wrong – your address or date of birth, for example. They may even ask you how you are doing after your surgery, and you never had a surgery in your life!

    Tips

  • Ask for the billing supervisor. Tell him or her that you may be the victim of medical iden-tity theft. Ask the supervisor to investigate the billing records and to flag your account as possible identity theft. Also ask the super-visor to have your medical records reviewed for possible errors related to identity theft.
  • Depending on the results of the investiga-tion, take other steps described above.

Additional Resources

Notice of Privacy Practices:

Federal law requires health care providers and health plans to give you a Notice of Privacy Practices. Ask your provider or look for it on the organization’s web site. In the Notice, you can find instructions on how to order copies of your medical records, how to request an amendment or correction, how to file a privacy complaint, and other helpful information.

Privacy Officer:

Large health care organizations often mean complex processes. An organization’s privacy officer should be able to offer clear explanations and guidance in handling your medical identity theft situation. Contact information for the privacy officer should be in the Notice of Privacy Practices.

Office of Civil Rights:

Sometimes when you say you may be a victim of medical identity theft, a provider is unwilling to give you access to your medical records. Some providers have questioned whether the federal health privacy law permits showing you a record that may contain another person’s personal health infor-mation. In such a case, show the provider the guidance offered by the Office for Civil Rights, which enforces the health privacy law, on their web site at www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/. If your provider still resists, you can file a complaint with the Office of Civil Rights: www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

Information Sheets from the California Attorney General:

A number of information sheets on privacy topics are available on the web site at www.oag.ca.gov/privacy/info-sheets. The ones listed below are helpful in dealing with medical identity theft.

More on Medical Identity Theft:

The World Privacy Forum has conducted research on medical identity theft and has a wealth of information on its web site at www.worldprivacyforum.org/medicalidentitytheft.html.

This fact sheet is for informational purposes and should not be construed as legal advice or as policy of the State of California. If you want advice on a particular case, you should consult an attorney or other expert. The fact sheet may be copied, if (1) the meaning of the copied text is not changed or misrepresented, (2) credit is given to the California Department of Justice, and (3) all copies are distributed free of charge.

This fact sheet is for informational purposes and should not be construed as legal advice or as policy of the State of California. If you want advice on a particular case, you should consult an attorney or other expert. The fact sheet may be copied, if (1) the meaning of the copied text is not changed or misrepresented, (2) credit is given to the California Department of Justice, and (3) all copies are distributed free of charge.

Megan's Law

California Registered Sex Offender Database

Search Now

Megan's Law information is also available in these languages:

Site Navigation

Translate Website

  • Google™ Translation Disclaimer

This Google™ translation feature is provided for informational purposes only.

The Office of the Attorney General is unable to guarantee the accuracy of this translation and is therefore not liable for any inaccurate information resulting from the translation application tool.

Please consult with a translator for accuracy if you are relying on the translation or are using this site for official business.

If you have any questions please contact:Bilingual Services Program at (916) 324-5482

A copy of this disclaimer can also be found on our Disclaimer page.

Select a Language Below / Seleccione el Idioma Abajo

Close this box or use the [ X ]