If your credit card is stolen, it may take a few minutes on the phone with the bank to reverse the fraudulent charges.
But if your identity is stolen and used for medical treatment, it could take a year or longer to undo the damage, a new study released today found. Victims may also get dropped by their insurance provider and end up paying the imposter’s bills just to make the problem go away, potentially to the tune of $100,000 or more.
Medical identity theft is an especially harmful scam that is time-consuming and getting more expensive for victims, a trend that shows the health care industry’s difficulty in fighting a problem that may affect as many as 1.85 million people in the U.S. this year, up from 1.49 million a year ago, according to the Ponemon Institute’s third annual survey on the topic.
This type of theft is estimated to have a $41.3 billion impact on the U.S. economy, up from $30.9 billion last year, the report said.
Health care providers and insurance companies are grappling with an influx of identity thieves, a problem that’s becoming more acute as prolonged unemployment and rising medical costs have added to the ranks of the uninsured. About 50 million people in the U.S. don’t have health insurance, according to the Department of Health and Human Services, and the question of the government’s role in how to insure them is now before the U.S. Supreme Court, which is set to rule this week on the legality of President Obama’s health care overhaul.
The lack of coverage has driven some people to resort to criminality to obtain medical care. Prescription drug addictions also play a big role. Either way, the toll on victims is rising.
Ponemon produces a study each year on the cost of medical identity theft, and for this year’s report, the Traverse City, Michigan-based organization interviewed 757 people who said they or their family members were victims of medical identity theft.
The average cost per victim was $22,346 this year, up from $20,663 last year, the survey found. Some people paid much more: 6 percent of respondents reported paying $100,000 or more to resolve their cases.
Those costs include lawyers and credit-monitoring services, which are standard for nasty cases of identity theft. But there are other expenses that are unique to this type of fraud and underscore the complicated nature of the crime.
Victims are sometimes dropped by their insurance companies, forced to pay the full cost of their medical expenses while they’re working to resolve their cases and find new coverage. Forty-one percent of respondents said their coverage was terminated as a result of the identity theft, down from 49 percent last year, the survey found.
Forty-five percent of the victims also reported simply paying for medical services or pharmaceuticals provided to the imposters to make the problem go away, up from 44 percent last year, the report said.
If that seems surprising, consider this: The process of resolving a medical identity theft case is so long — on average, it takes 12.1 months, essentially the same as last year, according to Ponemon — that paying the bill can make more financial sense than dragging out the fight.
Not all victims are completely innocent.
Victims often don’t report the crime because they know the perpetrators, according to the survey. Family members are often the culprits in medical identity theft cases. Many victims find out after the fact, while some even grant their permission for the crime to be committed in their name.
Thirty-one percent of the survey respondents said they let family members use their information to obtain medical care, up from 26 percent last year. Most said it was because their family members were uninsured, couldn’t afford care or were experiencing a medical emergency.
Larry Ponemon, the institute’s founder, said his organization interviewed about 40 survey respondents more in-depth on this issue. Most people who fell into this category were “simply careless” and didn’t understand the consequences of their actions, he wrote in an e-mail. Some may have been trying to cheat the system even more by claiming they were identity-theft victims to avoid paying any costs, but it was hard to determine people’s true motivation, Ponemon said.
For legitimate victims, there are few good ways to prevent medical identity theft, which can begin with hacking attacks or the loss or theft of medical-office computers.
The health care industry lags its peers in key ways to fight this kind of fraud.
Financial services firms have found a speedy way to deal with bogus charges, driven by the need to keep credit card transactions humming and fraud rates low. When people’s credit cards are ripped off, banks and retailers eat the costs. Under federal law, consumers’ liability is capped at $50 for each lost or stolen card, which hardly anybody has to pay. The industry has a clear motivation to clear fraud victims’ cases quickly so they can start spending again.
Health care providers have less experience in this area.
Clare Krusing, spokeswoman for America’s Health Insurance Plans, a lobbying group for the U.S. health insurance industry, said the organization doesn’t have enough data on the issue to comment. Representatives for the American Hospital Association and the National Health Care Anti-Fraud Association did not immediately respond to requests for comment.
Many people find out they are victims of medical identity theft when they are contacted by debt collectors, looking to recoup a hospital’s or insurance company’s unpaid expenses.
It’s hard to stop the crime before it’s happened, unlike many purely financial schemes that can be stopped with free fraud alerts that trigger phone calls to potential victims when new lines of credit are opened in their names.
To protect against medical schemes, however, there is one fairly effective method: you can monitor your credit report for signs of any unpaid medical expenses going in to collections. All of the major credit-reporting agencies — Equifax, Experian (which sponsored the Ponemon study) and TransUnion — must provide a free credit report once a year for people who ask.