Protect Yourself From Medical Identity Theft
It is an almost unthinkable crime, to steal from the sick and dying. And yet we all know it happens. I remember as a child hearing my parents discuss leaving a family member at home during funerals, to ward off any would-be burglars. Burglars, they said, read the obituaries, too — and know exactly when the entire family will be busy elsewhere.
So it should not be surprising that identity criminals target the dying or the dead. Still, it’s hard to imagine until you see it for yourself. On Christmas night, you will. Dateline NBC will tell the incredible story of a man sick with a terrible form of leukemia, a man literally days from his death — and the repulsive crime he suffered while enduring everything else that comes with cancer. Eric Drew’s identity was stolen by a hospital worker. While Drew was gasping for life, his imposter was living it up on fraudulent credit cards. After all, the criminal must have thought, and Drew was hardly in a position to complain.
This might not seem like happy holiday material, the story of this despicable deed, but au contraire. Dateline’s Josh Mankiewicz will take you on a redeeming tale of hope, persistence and eventually, justice. I won’t give away too much, but you’ll be amazed at how this time, the good guys come out on top.
But when you watch, you will no doubt be wondering: Could this happen to me? The answer is, quite clearly, yes.
Stories of nurses, patients, and visitors stealing identities from the sick can be ripped from the headlines across America, like the story of a nurse in a Philadelphia hospital who gave terminally ill patients’ identities to a crime ring. They drained the patients’ accounts and obtained $10 million in fraudulent mortgages using the stolen personal information.
“They’re like vultures. You wonder how people can be so horrible,” said Mari Frank, an ID theft victim lawyer and author of two books on the subject. “They think, ‘Who cares, he’s going to die anyway.’ ”
It’s hard to imagine, particularly if you trust your doctor and your hospital. But do you trust the patient across the hallway? And all his visitors? The grim reality is, identity theft is a peril for hospital patients, another concern sick and dying people, and their families, must put on their checklists.
Fortunately, there are some things you can do to protect the privacy of people you love while they’re recovering in the hospital.
Just say no
Most advice from experts surrounds the protection of Social Security numbers. For years, the SSN, the key to your financial kingdom, was the most common identifier on medical insurance cards and in hospitals. That’s finally changed — most health insurance ID cards now use a new numbering system; still, your hospital or doctor’s office will likely ask for your SSN anyway. Contrary to popular opinion, you can say no, says Twila Brase, a nurse who runs patient privacy advocacy group Citizens for Choice in Health Care.
“Ask them to use a new numbering system,” Brase said. “They will often say, ‘We have to have it,’ but then you can say, ‘Where is your manager.’ ”
You can even write a letter to the hospital in advance of a stay, asking if an SSN is required, she suggested. Hospitals eager to have your business will comply with the request, and then you’ll have it in writing.
Still, for sick patients and their families, confrontations over Social Security numbers can be difficult, particularly when patients are already facing so many other worries — and there’s a natural urge to please the nurses and doctors who will be administering care. But Brase said many hospitals now are attuned to the issue, thanks to all the publicity surrounding identity theft — so they will often quickly comply.
“There was much more pushback two years ago than there would be today,” Brase said.
HIPAA doesn’t always help
Private patient information is supposed to be protected under the Health Insurance Portability and Accountability Act (HIPAA), familiar to most patients because of lengthy disclosure forms they receive upon entering medical facilities. HIPAA created a class of data called Protected Health Information, which includes name, address, Social Security number, previous medical conditions, and so on. Confidentiality of that data is supposed to be assured. But regulations do not always translate into actions. Just two months ago, a Hawaii hospital was forced to admit it lost a computer thumb drive with 120,000 patient records on it.
And from the normal government do-as-I-say, not-as-I-do file, Medicare cards — which senior citizens need to carry, and to present to doctors and hospitals — still include Social Security numbers. Earlier this year, both the House and Senate passed bills that would finally end this prehistoric practice.
That means patients and families need to push for their own privacy rights. Family members should also browse through medical charts when they have the chance, looking for the appearance of unnecessary personal information. There’s no reason a patient’s Social Security number should be on a chart hanging off the front of a hospital bed, or on a wristband. Ask that any stray personal information be removed.
While many patients’ charts are computerized now, those records aren’t necessarily any safer from prying eyes than paper charts — as shown by the number of computer-based data leaks we’ve seen this year.
FBI Agent James Rogers, who has investigated identity theft cases involving hospital data theft — including Eric Drew’s case — recommends asking hospitals directly which employees will have access to the patient’s records. Lab technicians don’t need access to Social Security numbers, for example.
“You don’t have to be gentle about it. Just ask. Ask lots of questions. You are never wrong for asking questions,” Rogers said. Patients who are concerned about annoying hospital staff should deputize a family member to have that conversation, he said.
Leave the bills at home
Of course, medical records are just one way an identity thief can hit pay dirt in a hospital. Rogers says a bigger problem is patients who bring other paperwork with them into the hospital – such as monthly bills or a wallet full of credit cards.
“They should leave most of that stuff at home,” he said. “Cancer patients and others who are in the hospital for a long time tend to do their bills in the hospital. But leaving papers around like that, they are prime for the taking.”
Even though many hospitals have locking drawers for patients to use, Rogers said he wouldn’t trust them with critical papers.
“Too many people have access to them,” he said. “I wouldn’t trust any of those places for your valuables.”
Frank, the ID theft lawyer, says family members need to take control of privacy issues for sick relatives. Tact is often useful in discussion with hospital staff, she said.
“I’m very nice about it. I just say, ‘Look, I know you are doing the best you can, but I’m really scared of this. Do you mind if we redact this information, or can we just keep this information in a locked drawer?'”
But the most straightforward advice comes from Eric Drew, the man who saw his credit ruined when he was at his most vulnerable.
“When someone asks for your Social Security number, just tell them, I don’t use it. That’s it. I just don’t use it,” he said. “And be demanding on where they are keeping your files, who has access to them and do they keep records of who does access them.”
Still, even after his harrowing experience, when Drew’s condition was starting to improve, and he had already learned the hard way to protect his personal information — and even after he had already become a bit of a celebrity for his ID theft battle — a new hospital left a document with his Social Security number right on the receptionist’s front counter.
“I said, ‘You guys have got to be kidding me,’ ” he said.
Like it or not, Drew warns, the burden to protect our privacy and our identities falls on consumers.
8 Tips to stop hospital ID theft
- Leave credit cards at home. Empty wallets and purses of other unnecessary items
- Get a family member to do the bills. Mail left in hospital rooms is an easy target
- Don’t trust patient room locked drawers or cabinets with valuable items or information
- Refuse requests for Social Security numbers
- If SSN is required, ask that it be kept separately, under lock and key
- Ask hospitals to use your medical record number instead of your SSN for ID purposes
- Browse patient charts, wrist bands for extraneous personal information
- Don’t be afraid to ask questions, such as who will be able to access your information