skip to main content

ES

Six Ways to Protect Your Medical Identity

By Camille Noe Pagán

Smart steps to keep your information safe when you are seeking arthritis care.

Each time you visit a new doctor or hospital, you’re asked to provide personal data, including your Social Security number, address, health insurance information, and sometimes even your credit card number. The expectation – spelled out by federally mandated HIPPA privacy laws that patients must review and sign off on – is that this sensitive information will be safely stored. But new surveys reveal that’s not always the case.

With advances in technology, medical data loss in the United States is occurring at an alarming rate. 

“Accidental data loss is more common than actual theft,” says Larry Ponemon, chairman and founder of the Ponemon Institute, a privacy and data protection think tank. “The digitization of medical records is great for patients with conditions like rheumatoid arthritis [RA]; it allows multiple providers to coordinate care. But it also tends to result in larger data leaks than you’d have with paper records.” Any data loss is dangerous, because it increases the odds that unscrupulous individuals, hackers or crime rings can use your medical insurance for themselves or make false medical claims (think Medicare fraud) under your name. That can lead to medical mix-ups, such as blood type mistakes or prescription errors, if their data are stored on your medical chart. It also can cause you to exceed your allotted insurance benefits, which can potentially limit your care, and even put you on the hook for medical bills that aren’t really yours but were submitted in your name.

According to the Federal Trade Commission, red flags for patients include bills for medical services you didn’t receive; a call from a debt collector or a credit report showing you have medical debt you didn’t accrue; or a notice from your health insurance company that you’ve reached the limit on your benefits. Take these steps to reduce your risk of data leaks:

1. Ask How Your Health Information Is Used

Find out what information health care providers keep on file for you, how they use it, and whether they’d share that information without your consent. “If your doctor thinks you’d be a good fit for a new RA drug trial, for example, you should be given the opportunity to say yes or no before the doctor passes your information to the pharmaceutical company or research team,” says Ponemon. Each time you see the doctor, ask the date of your last visit to make sure their records are accurate.

2. Put Your Photo on File

Many security-conscious providers now ask patients to provide photo ID to confirm your identity. If yours doesn’t, ask them to put a note on the top of your file to check your ID at future visits. It’s not a perfect system but it’s a start, experts say.

3. Look for Warning Signs

“If you notice files open and sitting around a medical office, it’s a sign that there may be sloppiness in how information is maintained,” says Ponemon. Request your records if you see warning signs or sense something is amiss. Providers are required by law to let you see your medical files. “If there’s lots of extraneous or erroneous information, such as the wrong billing address, it can be a sign they’re not being careful,” says Deven McGraw, former Department of Health and Human Services privacy chief.

 4. Review Your Claims Statements and Bills

 “They should reflect doctor visits you actually went to and services, such as surgery, that you actually received,” says McGraw. If you notice an error, tell the medical office and your health insurance company, and request an updated statement reflecting the correction.

5. Safeguard Your Documents

“Shred all throw-away documentation, and store important documents in a secure place, like a locked filing cabinet,” says Robert Siciliano, a Boston-based identity theft expert and McAfee consultant.

 6. Read Your Mail

“The federal government requires health care providers to tell patients if their data have been leaked,” says McGraw. If you receive such a notice, ask the provider these questions: Was the loss a theft or an accident? Was the data digital, and was it encrypted (in which case there’s a low probability it can be used)? Will the provider offer remedies? “Larger insurers and hospitals, in particular, often offer free credit monitoring to those affected by a security breach,” says McGraw.

If Your Medical ID Has Been Stolen…

Report it to the Office of the Inspector General. For instructions and more information on how to deal with medical ID theft, visit here.
 

Stay in the Know. Live in the Yes.

Get involved with the arthritis community. Tell us a little about yourself and, based on your interests, you’ll receive emails packed with the latest information and resources to live your best life and connect with others.