A trend embraced by white-collar criminals is driving up health-care costs and creating nightmares for its victims. Medical identity theft is health-care fraud and ID theft rolled into one, and it's a crime that's expected to continue growing because it's easy to carry out and difficult to detect.
The first study on the subject, done by the World Privacy Forum (WPF) in 2006, estimates that medical identity theft accounts for 2.7 percent to 3.2 percent of total ID theft, which is reported to be the fastest-growing crime over the last seven years.
In November 2007, the Federal Trade Commission estimated the number of cases of medical identity theft at 3 percent of all ID theft cases. That's at least 250,000 medical identity theft cases per year.
Medical identity theft takes two forms: physician identification numbers that are stolen and used to bill for services, and patient identification information stolen and used to obtain services or to bill for services. The latter scenario is especially damaging to the victims who inadvertently could be treated based on someone else's medical history and who might, as a result, have a difficult time rebuilding their medical files.
There are fewer resources for victims of medical identity theft than for regular ID theft, and victims get little help from laws such as the Health Insurance Portability and Accountability Act (HIPAA).
"First, we know the unique physician identification numbers (UPIN) that are used to bill both private insurance and Medicare/Medicaid are frequently compromised, and we see that in our enforcement efforts," said Kirk Ogrosky, deputy chief of the fraud section for the U.S. Department of Justice. "There's a second part of that, and that's compromised patient information, which would be the Medicare number. That Medicare number goes across different federal programs and private insurance. We see identity theft in both areas, and it's prevalent."
At least 3 percent of U.S. health-care costs (about $60 billion) can be attributed to fraud, according to the National Health Care Anti-Fraud Association. Of that, 1 percent is attributed to medical ID theft - an ominous figure when the numbers are triangulated, according to Sharon Ormsby, section chief for the financial crimes section of the FBI.
"If you figure by 2012, national health-care expenditure costs for the country will be approximately $3 trillion, you look at the fact that the National Health Care Anti-Fraud Association conservatively estimates health-care fraud to be 3 percent to 5 percent of that expenditure amount," she said. "That's a significant amount of fraud, so we do have a strong interest in it."
Ogrosky said he began to see a trend in medical fraud schemes in 2003. He said the schemes run for 90 to 120 days then vanish. That's because by the time victims notice irregularities in the explanation of benefits (EOBs) they receive from their health insurers, the thieves have moved on.
"These schemes really started to pop onto our radar around 2003 and 2004," Ogrosky said. "Since that time, they've grown, stealing from our federal programs to the tune of hundreds of millions of dollars, potentially billions of dollars. I've heard different estimates. There's no real way to quantify the amount of fraud that we don't yet know about."
Medical identity theft can be a profitable venture, and it's not that hard to pull off for someone who's in a position to download large amounts of digitized medical data. In September 2006, police arrested a clerk at a medical clinic in a Weston, Fla., hospital who stole the medical IDs of 1,100 patients and sold them. The numbers were subsequently used to bill Medicare for $2.8 million in false claims.
In another case, police arrested 38 people in Miami-Dade, Fla., in May 2007 and charged them with $142 million in Medicare fraud. The suspects had purchased or stolen medical ID numbers, and billed the government for