T he next time you submit a claim to your health insurer, fill out a form at the doctor’s office or tell your personal story in an online health forum, consider this: Your health information is becoming increasingly valuable — not just to those who want to improve health care but also to those who would like to use it for illegal purposes.
In fact, according to the Identity Theft Resource Center, health care has been the most common area for data breaches in the past three years. Medical identity theft was up about 20 percent between 2013 and 2014, and last year about 2.3 million Americans were victims.
Here’s what you need to know to protect yourself:
Know how you can be harmed.
Medical identity theft can have financial and health repercussions. With your health records — which may include your Social Security number, security words such as mother’s maiden name, contact information and insurance ID numbers — hackers can fraudulently use your health insurance to obtain care and pricey products such as wheelchairs. They may also rake in big bucks selling your data. Health records may sell for about $50 each on the black market; credit-card numbers, by contrast, may be valued at $1 or less.
If your health information is stolen, it can take hundreds of hours to fix the problem and cost you plenty. Your maximum legal liability on a stolen credit card is only $50, but there’s no clear limit on what you might have to pay in the health-care area. A recent Ponemon Institute study of medical identity theft victims found that almost two-thirds shelled out money to resolve the problem. They spent, on average, $13,500 to pay back insurers or providers for care a criminal had obtained in their name, to restore health insurance lost to fraud, and for lawyers and identity protection services.
The effects on your health may also be negative. In the Ponemon study, 10 percent of victims experienced misdiagnosis because of fraud-related errors in their medical records, and 11 percent faced treatment delays.
How? If your insurance is temporarily canceled or benefits are used up, treatment may be delayed as you untangle the mess. If someone fraudulently uses your insurance, that person’s drug allergies, surgeries and more may end up in your medical records, which can be tough to correct.
Take smart steps.
You want your medical information to be secure but not locked up too tightly. For prompt, accurate medical care, your health-care providers may need to send information to each other. In an emergency, doctors may have to make rapid treatment decisions and need your health records to help. thus, some strategies to consider:
● Share personal data cautiously at doctors’ offices and hospitals, and with insurers. For example, ask whether your driver’s license number is really needed.
● Avoid giving personal information by phone. After the Anthem health insurance breach in February, where hackers potentially accessed about 80 million customer records, people received phone calls from individuals who falsely claimed to be Anthem representatives asking for personal identifying information.
● Exercise e-mail savvy. Skip over e-mail that you don’t recognize, and never provide personal information unless you have verified the source. If you exchange e-mail with your doctor, ask whether he or she has a portal that permits secure messaging. Consider one e-mail account for health care and banking, another for social media. And change your passwords often.
● Be digitally wise. Remember that your Web searches can be tracked by others and that social media and Web sites can be hacked. Consider a pseudonym in health-related chat rooms. Think carefully before entering personal information into wearable devices, mobile apps and health Web sites, especially those with interactive tools such as calorie trackers.
● Watch out for public WiFi. Don’t log into health accounts on public WiFi.
● Protect electronics. Use high-quality virus and malware protection software.
● Store medical data carefully. Keep your electronic records and other health files on a password-protected external hard drive. Encrypt (scramble) the information if you can. Keep your paper records and CDs in a locked cabinet. Shred paper or destroy disks before discarding them. If you use cloud services, exclude sensitive accounts.
● Monitor your credit history often. You’re entitled to one free credit report each year from each of the three credit-reporting agencies. Stagger those so that you get one from a different agency every four months. If you’ve been the victim of medical identity theft and have placed a fraud alert on your credit report, you get one additional free report from each of the three organizations each year.
● Examine statements. Check these and other communications from insurers and health-care providers. Make sure services and diagnoses are correct.
● Check records regularly. Look over your electronic health records or patient portal monthly. If you’re unfamiliar with those, ask your primary health-care provider for assistance. If he or she doesn’t have an online system, ask for a summary of what’s in your records each year, quarterly if you think you’ve been a fraud victim.
● Have a fraud action plan. If you spot anything worrisome, call your primary-care provider and insurance company promptly. Also, maintain a list of your health and financial accounts so that you can quickly ask for new credit and debit cards, change user names and passwords, and ask credit bureaus to put a fraud alert on your records.
For further guidance, go to www.ConsumerReports.org/Health, where more detailed information, including CR’s ratings of prescription drugs, treatments, hospitals and healthy-living products, is available to subscribers.