Arnold Salinas knows a lot about the person who stole his identity.
He’s 5-foot-9, 190 pounds. He pays for pizzas with forged checks, defaulted on a $17,000 car loan and has traveled the country, racking up speeding tickets and thousands of dollars in unpaid taxes, according to Salinas and a firm he’s hired to clean up the mess.
But the worst part is: The imposter is sick.
Salinas, a 53-year-old maintenance worker, is fighting the nastiest form of identity theft — someone has taken out medical care in his name. Among the strange bills that have arrived at his Fresno, California, home over the past decade are debt-collection notices for extensive radiology and other treatments at four hospitals in Kansas and Texas.
“I have to be super, super careful from now on,” Salinas said. “God forbid I go to the hospital and they get his records.”
Medical identity theft affected an estimated 1.5 million people in the U.S. at a cost of $41.3 billion last year, according to the Ponemon Institute, a research center focused on privacy and data security. The crime has grown as health care costs have swelled and job cuts have left people without employer-subsidized insurance. Making matters worse: The complexity of the medical system has made it difficult for victims to clear their name.
Salinas’s story illustrates how cases like these can take years to resolve, longer than other forms of identity theft. Salinas has been fighting his case since 2002.
“What makes it so difficult is you have to go provider by provider, hospital by hospital, office by office and correct each record,” said Sam Imandoust, a legal analyst with the Identity Theft Resource Center. “The frustrating part is while you’re going through and trying to clean up the records, the identity thief can continue to go around and get medical services in the victim’s name. Really there’s no way to effectively shut it down.”
The fractured nature of the health care system makes medical identity theft hard to detect. Victims often don’t find out until two years after the crime, and cases can commonly stretch out a decade or longer, said Pam Dixon, founder of World Privacy Forum and a leading expert on the issue.
Some forms of identity theft can take as little as a few days to resolve, since banks and other financial institutions are generally equipped to handle the complaints. But medical identity thieves typically get treatment at five facilities or more, and the system isn’t set up to fix these kinds of errors, Dixon said.
“Most people never have a full cure — it’s very rare,” Dixon said. “It’s going to be a lifetime situation. It’s going to be like getting a scar on your leg. You heal your scar but you always have a little bit there.”
Complicating the process of fixing one’s medical records is that some victims face resistance in obtaining files from doctors. The physicians’ reason? The files contain sensitive health information about the imposter.
That’s what Vicki Lee Blair, a 63-year-old former computer analyst from Westminster, California, said happened to her.
During a period of unemployment, Blair went to a clinic run by the Orange County Health Care Agency in 1995 seeking antidepressant medication. She said she was shocked when clinicians peppered her with questions about a blood test in her file indicating thyroid problems and illegal drug use. A laboratory report reviewed by Bloomberg shows signs of two people’s records being mixed, such as an incorrect birthdate and different patient identification numbers.
She insisted the records were inaccurate, potentially the result of extensive identity theft that occurred a year earlier, possibly by a local woman with a similar name. Almost 20 years later, Blair is still fighting to clean up her record. The blood test has not been removed, she said.
Blair said she is broke and is convinced the record has hurt her ability to get affordable insurance, leaving her with constant anxiety.
“I have only two emotional responses left — sorrow, which produces nothing but tears, and anger,” she said in an interview. “At this point I’m not a well-rounded person, I’ll admit that.”
James Harman, supervising deputy county counsel for Orange County, declined to comment, citing patient privacy concerns.
The wider sharing of health data is fueling uncertainty about where bad records end up.
“Health information exchanges” are a cornerstone of the Obama administration’s health-care overhaul, allowing medical providers to swap patients’ digital medical records electronically. The exchanges can speed up and improve care, but they also raise the risk that an error in one place could wind up in another. Some exchanges have been found to share data without alerting patients, the subject of an earlier Bloomberg.com story.
For victims, there are few effective measures for prevention.
Setting fraud alerts with the credit-reporting agencies is one way to learn whether a perpetrator’s medical bills have gone into delinquency and were sent to debt collectors. By then, though, it’s too late.
Check the Teeth
The crime is “insidious,” said Deanna Jones, a fraud investigator who works with ID Experts, a firm that worked with Salinas on his case. Most medical facilities don’t have policies in place for responding to medical identity theft, especially for correcting records, she said.
As for the person who stole Salinas’s identity, he may never be caught, Jones said.
Salinas said he’s worried that as he gets older, at some point the records might get mixed. The thief also took out dental care in Salinas’s name, prompting him to issue his family an unusual warning.
“I told my son, if I ever die and there’s only dental records, make sure it’s me,” he said. “I might be on vacation somewhere.”