Hospital ID Theft: How To Protect Yourself

Protect Yourself From Medical Identity Theft

It is an almost unthinkable crime, to steal from the sick and dying. And yet we all know it happens. I remember as a child hearing my parents discuss leaving a family member at home during funerals, to ward off any would-be burglars. Burglars, they said, read the obituaries, too — and know exactly when the entire family will be busy elsewhere.

So it should not be surprising that identity criminals target the dying or the dead. Still, it’s hard to imagine until you see it for yourself. On Christmas night, you will. Dateline NBC will tell the incredible story of a man sick with a terrible form of leukemia, a man literally days from his death — and the repulsive crime he suffered while enduring everything else that comes with cancer. Eric Drew’s identity was stolen by a hospital worker. While Drew was gasping for life, his imposter was living it up on fraudulent credit cards. After all, the criminal must have thought, and Drew was hardly in a position to complain.

This might not seem like happy holiday material, the story of this despicable deed, but au contraire. Dateline’s Josh Mankiewicz will take you on a redeeming tale of hope, persistence and eventually, justice. I won’t give away too much, but you’ll be amazed at how this time, the good guys come out on top.

But when you watch, you will no doubt be wondering: Could this happen to me? The answer is, quite clearly, yes.

Stories of nurses, patients, and visitors stealing identities from the sick can be ripped from the headlines across America, like the story of a nurse in a Philadelphia hospital who gave terminally ill patients’ identities to a crime ring. They drained the patients’ accounts and obtained $10 million in fraudulent mortgages using the stolen personal information.

“They’re like vultures. You wonder how people can be so horrible,” said Mari Frank, an ID theft victim lawyer and author of two books on the subject. “They think, ‘Who cares, he’s going to die anyway.’ ”

It’s hard to imagine, particularly if you trust your doctor and your hospital. But do you trust the patient across the hallway? And all his visitors? The grim reality is, identity theft is a peril for hospital patients, another concern sick and dying people, and their families, must put on their checklists.

Fortunately, there are some things you can do to protect the privacy of people you love while they’re recovering in the hospital.

Just say no

Most advice from experts surrounds the protection of Social Security numbers. For years, the SSN, the key to your financial kingdom, was the most common identifier on medical insurance cards and in hospitals. That’s finally changed — most health insurance ID cards now use a new numbering system; still, your hospital or doctor’s office will likely ask for your SSN anyway. Contrary to popular opinion, you can say no, says Twila Brase, a nurse who runs patient privacy advocacy group Citizens for Choice in Health Care.

“Ask them to use a new numbering system,” Brase said. “They will often say, ‘We have to have it,’ but then you can say, ‘Where is your manager.’ ”

You can even write a letter to the hospital in advance of a stay, asking if an SSN is required, she suggested. Hospitals eager to have your business will comply with the request, and then you’ll have it in writing.

Still, for sick patients and their families, confrontations over Social Security numbers can be difficult, particularly when patients are already facing so many other worries — and there’s a natural urge to please the nurses and doctors who will be administering care. But Brase said many hospitals now are attuned to the issue, thanks to all the publicity surrounding identity theft — so they will often quickly comply.

“There was much more pushback two years ago than there would be today,” Brase said.

HIPAA doesn’t always help

Private patient information is supposed to be protected under the Health Insurance Portability and Accountability Act (HIPAA), familiar to most patients because of lengthy disclosure forms they receive upon entering medical facilities. HIPAA created a class of data called Protected Health Information, which includes name, address, Social Security number, previous medical conditions, and so on. Confidentiality of that data is supposed to be assured. But regulations do not always translate into actions. Just two months ago, a Hawaii hospital was forced to admit it lost a computer thumb drive with 120,000 patient records on it.

And from the normal government do-as-I-say, not-as-I-do file, Medicare cards — which senior citizens need to carry, and to present to doctors and hospitals — still include Social Security numbers. Earlier this year, both the House and Senate passed bills that would finally end this prehistoric practice.

That means patients and families need to push for their own privacy rights. Family members should also browse through medical charts when they have the chance, looking for the appearance of unnecessary personal information. There’s no reason a patient’s Social Security number should be on a chart hanging off the front of a hospital bed, or on a wristband. Ask that any stray personal information be removed.

While many patients’ charts are computerized now, those records aren’t necessarily any safer from prying eyes than paper charts — as shown by the number of computer-based data leaks we’ve seen this year.

FBI Agent James Rogers, who has investigated identity theft cases involving hospital data theft — including Eric Drew’s case — recommends asking hospitals directly which employees will have access to the patient’s records. Lab technicians don’t need access to Social Security numbers, for example.

“You don’t have to be gentle about it. Just ask. Ask lots of questions. You are never wrong for asking questions,” Rogers said. Patients who are concerned about annoying hospital staff should deputize a family member to have that conversation, he said.

Leave the bills at home

Of course, medical records are just one way an identity thief can hit pay dirt in a hospital. Rogers says a bigger problem is patients who bring other paperwork with them into the hospital – such as monthly bills or a wallet full of credit cards.

“They should leave most of that stuff at home,” he said. “Cancer patients and others who are in the hospital for a long time tend to do their bills in the hospital. But leaving papers around like that, they are prime for the taking.”

Even though many hospitals have locking drawers for patients to use, Rogers said he wouldn’t trust them with critical papers.

“Too many people have access to them,” he said. “I wouldn’t trust any of those places for your valuables.”

Frank, the ID theft lawyer, says family members need to take control of privacy issues for sick relatives. Tact is often useful in discussion with hospital staff, she said.

“I’m very nice about it. I just say, ‘Look, I know you are doing the best you can, but I’m really scared of this. Do you mind if we redact this information, or can we just keep this information in a locked drawer?'”

But the most straightforward advice comes from Eric Drew, the man who saw his credit ruined when he was at his most vulnerable.

“When someone asks for your Social Security number, just tell them, I don’t use it. That’s it. I just don’t use it,” he said. “And be demanding on where they are keeping your files, who has access to them and do they keep records of who does access them.”

Still, even after his harrowing experience, when Drew’s condition was starting to improve, and he had already learned the hard way to protect his personal information — and even after he had already become a bit of a celebrity for his ID theft battle — a new hospital left a document with his Social Security number right on the receptionist’s front counter.

“I said, ‘You guys have got to be kidding me,’ ” he said.

Like it or not, Drew warns, the burden to protect our privacy and our identities falls on consumers.

8 Tips to stop hospital ID theft

  1. Leave credit cards at home. Empty wallets and purses of other unnecessary items
  2. Get a family member to do the bills. Mail left in hospital rooms is an easy target
  3. Don’t trust patient room locked drawers or cabinets with valuable items or information
  4. Refuse requests for Social Security numbers
  5. If SSN is required, ask that it be kept separately, under lock and key
  6. Ask hospitals to use your medical record number instead of your SSN for ID purposes
  7. Browse patient charts, wrist bands for extraneous personal information
  8. Don’t be afraid to ask questions, such as who will be able to access your information

About Scammer Alert

Scammer Alert provides an effort to unmask corporate sneakiness and outright scams. Covering topics such as Internet scams and consumer fraud we take our coverage of online crime very seriously. Are there any businesses you suspect of being a scam or shady practices? Contact us with the details.

8 thoughts on “Hospital ID Theft: How To Protect Yourself

  1. Expand your questioning attitude to your employer’s benefits department. These are usually people with minimum pay and little medical training. Law and company policies just keep honest people honest. The temptation to make undocumented money on the side by revealing private employee information is high. Even if the leaker is caught, fired, and prosecuted, the victim is stuck with picking up the pieces in an unsympathetic system. ID theft is a perfect example of the cat being let out of the bag. Once it happens, you don’t know where it went. We cannot stop people in positions of trust who succumb to temptation, or people who deliberately “game the system”. What we can do is minimize what we disclose, and assertively question the uses of the information that is required of us.

    1. As a hospital nurse I think this is an excellent article although a little unnecessarily harse toward nurses. Certainly hospitals can and should do more to protect patient information and limit access to information to employees with a legitimate need to have it. Many of your tips to prevent identity theft are right on the mark. Please leave your credit cards and bills at home. You won’t need them. While you’re at it please leave your cash, jewelry and other valuables there also. One caution, remember that we are here to take care of you and one of the things we need to be able to do is to make sure that we have the right patient before we provide care. We don’t need your SSN for that but we are required by regulatory bodies to use two separate patient identifiers prior to doing things like giving you medications. Most hospitals will use your name and birth date or your name and medical record number. While there is risk of identity theft in hospitals there is greater risk of patient harm from doing things to the wrong patient. Hospital staff since HIPAA are constantly working to find the balance between protecting confidential information and protecting you from harm by mistaken identification. Work WITH the staff of the hospital and together we can achieve both goals.

    2. I know you think you are performing a grand service to the public warning them of how those of us working in a hospital are just dying to grab their information and run with it. This is muckraking at the highest level. Do you have any hard data that support this report
      beyond a few isolated cases? As a healthcare professional I take umbrage with your report. It is true that people need to take more care about their personal information. It is also true that people collecting the information need to take more time to verify that they are dealing with the real person and not an impostor. Do you really think we sit around the trauma bay plucking some unfortunate soul’s wallet and then yelling out “Hey, you get the mastercard. We will give the Visa card to Joe, and who wants the guy’s Diners Club card?” This may surprise you, but we can get fired, or arrested under the current provisions of the Healthcare Insurance Portability and Accountability Act (HIPAA).

      Do you think you could have found something a little more constructive to report on? Why not report on the number of people that give false or misleading identification to fraudulently obtain prescription narcotics? Why not do some reporting on how dangerous it is to allow your small child to ride on a 4 wheeler?

      You can fantasize all you want about all of the nefarious healthcare workers just waiting to steal all of those identities in the hospital. Can’t you just picture someone plotting to steal the identity of someone who may be bankrupt because of their hospital bills? That sure is a great plan…

    3. It’s amazing that, even among the best doctors and nurses who took their jobs so they could safeguard our health, who work so hard at preserving our physical and mental lives, care so little about helping us protect and safeguard our identity.

      Isn’t I.D. theft worth protecting against as much as the flu, a heart attack or cancer? I would feel no safer giving my SS# to a doctor/nurse/staff that I would seeing them juggle glass vials of plague samples.

      I believe they all fail the spirit of the Hippocratic oath until they treat personal information like they would a sample of a deadly virus. If they dont need it, they destroy it and if they keep it, it’s under lock and key to be used only when it is absolutely necesary and only by the fewest and most neccessary people. Can you imagine what would happen if they stored and accessed, say, bird flu samples with the same care and presicion that they use to store and access our personal information??

    4. I applaud you for the article. ID theft is very much alive and well among us EVERYWHERE! And as for the “MUCKRAKING”, isn’t an ounce of prevention worth the pain? Why do people get so incensed when the truth hits us in the face? We had a bigger problem with the hospital staff themselves than we did with the information we gave to the billing office. My husband went in for major surgery, when he was put in his room, he was in awful pain. I asked for the nurse to help him, the dr had written & called orders for pain management, she said he hadn’t. I was ticked because she wouldn’t even check, thank goodness the dr was walking up as she snarled at us. The orders were there, but she took her time about getting to it. The next day I walked in as he was being prepared to get a shot. I asked what he was getting the nurse, and the nurse replied “Insulin”, she argued with me that he needed it. He was NOT diabetic AND upon heated discussion, she discovered she was on the wrong floor. She didn’t check his ID. Another nurse walked in to take him to get a procedure he already had. He had to get an tube put into his chest to take in meds. He had it put in the day before. She argued he didn’t. It took an Xray to convince her. I told all this to my daughter, an RN, who is affilated with this hospital and she has told me that since this all happened things have changed. But without us bringing it all to light, maybe it wouldn’t have. So thank you for your information!!!!

    5. This story presents yet another example of enterprising criminal minds. The fact that it happened in a hospital is irrelevant, save for the fact that we feel a nauseating anger toward those who prey on the helpless at the most vulnerable time. Not much different from child molesters. This problem, I am affraid, will not go away until banks, and other organizations that need unique identifiers for individuals , move away from numbers that one can memorize and steal and start using truly unique identifiers such as fingerprints, retinal image, or electronic voice recognition before extending any credit. I have made my life’s career in health care, and I don’t feel insulted by this story, but I feel it misses the mark, if the goal is to indeed protect the public. As long as unique identifiers such as the social security number are used in conjunction with financial documents, the opportunity for ID theft will be there for criminals to take advantage of.

    6. Identity theft is merely a symptom of a larger set of problems that have turned the health care delivery sytem in the United States into a chaotic, traumatising mess. The system itself is unwieldy, fragmented, with no clear leadership at the federal level. There is pathetic enforcement of identity theft crime. There is no clear cut standard of who is employable in the health care industry. Hospital administrators are notoriously incompetent and there is no larger force they must answer to unless through the legal system. Doctors behave like arrogant little gods who don’t have time for problems they feel are beneath them. This combination of indifference and opportunity has created the perfect breeding ground for criminal behavior.

Leave a Reply

Your email address will not be published. Required fields are marked *