New compliance resource for health care providers and health plans

Share This Page

If you work in the health care or HR field or have clients who do, you’ve probably run across it. A patient complains about a bill for medical services they didn’t receive. An employee who rarely goes to the doctor gets told they’ve reached the limit on their health benefits. Someone gets denied coverage because their medical records show a condition they don’t have.

Although most people associate identity theft with financial transactions, it also happens in the context of medical care. It’s tough enough to fight back when someone fraudulently runs up bills in another person's name. But at its most serious, medical identity theft can lead to inaccurate medical records, delayed treatment, misdiagnosis — and worse.

A new free resource from the FTC, Medical Identity Theft: FAQs for Health Care Providers and Health Plans, offers a prescription for companies trying to minimize the risk and help patients who’ve been victimized. Pass along the link to the FTC's announcement or download the brochure and distribute it to employees and clients.

The FAQs answer the questions on health care providers’ minds, including:

What should we do if we learn that medical identity theft has happened? The new brochure offers advice on conducting investigations, understanding your obligations under the Fair Credit Reporting Act (FCRA), providing any necessary breach notifications, and reviewing your data security practices.

What should we tell a patient who’s been a victim? The publication gives practical tips to help your patient correct medical, billing, and financial records by exercising their rights under HIPAA, notifying their health plan, filing a complaint with HHS or FTC, and monitoring their credit report for free at for other forms of ID theft.

How can we help patients deter, detect, and defend against medical identity theft? Like in medicine, the watchword these days is prevention. The FTC has a just-the-facts free brochure (also available in Spanish) for consumers with tips on reducing the risk of medical identity theft. Link to it on your website. Talk to your HR staff about getting it into employees’ hands. Tuck it into bills or statements. Run a feature in your patient or client newsletter. Make free copies available in waiting rooms, pharmacies, and other places where patients may have a few free moments. They’ll appreciate your concern for their well-being — body, mind, and identity.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.