BBB: Medical data breach a prescription for disaster

Posted at 10:31 AM, Oct 23, 2018
and last updated 2018-10-23 13:32:24-04

According to the Better Business Bureau, medical identity theft is on the rise and that could be a prescription for financial disaster.

This is happening despite strict privacy laws intended to safeguard your personal medical information, like the Health Insurance Portability and Accountability Act (HIPAA).

So why is medical identity theft a problem? Consider this:

If the thief’s health information gets mixed with yours, your treatment, insurance records, payment information and credit report could be affected. Even more troubling, when hackers steal your health data, they can use that information to commit other kinds of identity theft in addition to medical fraud. They can apply for loans, apply for government benefits or rack up charges on credit cards fraudulently taken out in your name.

Your medical and insurance information are valuable to identity thieves. BBB and the Federal Trade Commission (FTC) offer the following advice to help protect you from medical identity theft:

Be Wary of “Free”

Be cautious if someone offers you “free” health services or products, but requires you to provide your health plan ID number. Medical identity thieves may pretend to work for an insurance company, doctor’s offices, clinic or pharmacy to try to trick you into revealing sensitive information. Know who you are talking to and do not share medical or insurance information by phone or email, unless you initiated the contact. Call your doctor directly or login to your insurer’s patient portal to verify that the query is really coming from them. Also, keep paper and electronic copies of your medical and health insurance records in a safe place. Shred outdated health insurance forms, prescription and physician statements, and the labels from prescription bottles before you throw them out.

Read the “Explanation of Benefits”

Your insurer routinely mails out these summaries of medical services rendered with “This is not a bill” printed on top. Briefly review everything mailed to you from doctors and your insurance company. If you spot anything suspicious, contact the provider or your insurance company.

Do Not “Overshare”

If you are not sure why your doctor needs a piece of information, just ask whether it is necessary. Many standard forms ask for a Social Security number, but it is often fine to leave that field blank. Always read a website’s Privacy Policy before you provide sensitive personal information, like your Social Security number, insurance account numbers or details about your health. Find out why it is needed, how it will be kept safe, whether it will be shared and with whom.

Got a question for the BBB? Contact Regional Director Kelly Trevino at  or call (361) 852-4991.