New Breed of Identity Crime: Medical Identity Theft

The notion of identity theft makes most people think of stolen credit card numbers, but there are implications for medical identities as well.   

Fortunately, a criminal who is predisposed to steal your medical identity would have little interest in pilfering your MIB consumer file. That's because your MIB consumer file (if you have one) doesn't contain a health plan member identification number, the precious data needed to obtain prescription drugs or medical services under your name and health plan coverage; in fact, it doesn't contain any personal identifiers, such as unencrypted Social Security numbers, driver's license numbers or account numbers.
 
While theft of your identity would likely impact your credit and run up some medical bills for uncovered services or copays in your name, it could also result in the addition of erroneous data into your medical file. Fortunately, there has been no sign that corrupted medical data has been incorporated into any MIB consumer files. It is possible to correct inaccuracies in financial and medical files by working with the creditors, healthcare providers and insurers that create and maintain them. However, your best bet might be to take preventive measures that should decrease the chance that you will get victimized in the first place.

ID Theft: As You Know It

An unfamiliar purchase on your credit card statement could be the first sign that your identity has been compromised. Identity thieves impersonate you to steal money, goods or services in your name. They may use your credentials to withdraw cash on your debit card or to fraudulently open new credit accounts.

Thieves use various methods to obtain your personal information. They purposely bump into you to snatch your wallet or simply steal the contents of your mailbox. You could also get victimized by a crime ring running a complex scheme, such as online phishing, where you are tricked by imposter e-mails or websites into providing account information. No matter how it occurs, your stolen identity will catch you off-guard, especially when a creditor denies your credit request or calls about unpaid bills. In the end, you may be left with a cloud over your credit history and bills incurred by your imposter.

If you are victimized by a financial identity thief, you should gather information about the crime, file a report with the local police department and cancel your compromised accounts. You should also contact the major credit bureaus (Experian, TransUnion and Equifax) to report the crime and provide copies of the police report. You could request that fraud alerts be placed on your credit files. You need only contact one of the three credit agencies because each is required by law to inform the others about the fraud alert. The initial fraud alert lasts for 90 days and can be indefinitely renewed. It notifies would-be creditors to use caution and due diligence if anyone tries to obtain credit in your name. The Federal Trade Commission has published a helpful guide for identity theft victims entitled “Take Charge: Fighting Back Against Identity Theft,” which can be found at www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm.

Safeguard Your Health Plan Membership Card

Wondering why your healthcare provider now asks for a form of identification along with an insurance card? Your credentials and health data could also get embroiled in a fraudulent scheme of medical impersonation, a variant of the more commonplace financial identity crime. An imposter could use your stolen health insurance information, together with your name, address, Social Security number or date of birth, to seek treatment, buy prescription drugs, or make false claims for medical services. Medical identity thieves could steal your data by criminally posing as a healthcare worker or billing clerk, or they may even be part of a crime organization that steals medical identities using compromised data systems.

Medical identity theft can have perilous effects. For instance, if a thief obtains treatment under your name, erroneous data would likely be added to your medical records. An emergency room physician could subsequently review your corrupted medical file and prescribe you inappropriate treatment based on the imposter's medical make-up. By obtaining treatment under your name, a medical identity thief could also consume your limited health benefits.

Similar to financial identity theft, cleaning up a medical identity crime is complicated and time-consuming. You should immediately notify your health insurer, file a police report and, as appropriate, send copies of the police report along with a letter to inform insurers, healthcare providers and credit bureaus. Ultimately, you should have any errors in your various medical files corrected.

Medical Identity Theft: Absence of Impact on MIB

As a membership corporation of insurance companies that maintains a confidential database of individually identifiable information significant to underwriting applications for life and health insurance, MIB Group, Inc. ("MIB") is concerned about the problem of medical identity theft.

MIB is the largest, most successful cooperative effort to detect and deter insurance application fraud in North America. It operates the flagship MIB Checking Service, a shared, confidential, industry-wide database used in the individual underwriting of policies for life, health, disability income, critical illness and long-term care insurance. Its mission is to root out application fraud (misrepresentations on applications for insurance) and to prevent anti-selection, thereby helping to keep insurance premiums affordable for all consumers. This activity involves the authorized collection of underwriting information in coded form from its members, the secure maintenance of that coded information, and the authorized dissemination of it to MIB members.

MIB and its members are concerned with maintaining accurate and confidential consumer records in its database. Member insurers share the information they collect from their applicants, or information they obtain from healthcare providers with an applicant's authorization. When a member completes the underwriting of an insurance application, any conditions that have a material impact on mortality or morbidity are reported to MIB under broad categories of medical histories or conditions, and the conditions are only reported using MIB's proprietary and highly confidential codes.

Commentators have inappropriately recommended that consumers should contact MIB to review their "healthcare" records for evidence of identity theft. However, MIB only receives very limited data in coded form from member insurers, and does not receive the actual or complete details about an applicant's medical conditions. Certainly, your healthcare or insurance provider would have a more complete medical file for review. Again, MIB has very little identifying information about the consumers for whom it has files – no unencrypted Social Security numbers and no account numbers. Moreover, many consumers do not even have an MIB file because MIB receives and shares information solely from and with a member insurer, and only when you apply for life or health insurance with that MIB member and consent to this exchange. Therefore, consumers will only have an MIB file if they have applied for individually underwritten life, health, disability income, long-term care or critical illness insurance with a member insurer within the past 7 years.

Maintaining Accurate MIB Records

Fortunately, MIB has found no evidence that its confidential and secure consumer database has been corrupted by medical identity theft. MIB has not been advised of any instances whereby a perpetrator received medical treatment using a stolen consumer identity, which resulted in erroneous medical data in an MIB file. There seems to be only one other conceivable, though highly improbable, way for an individual's MIB file to be corrupted by a medical identity crime. Since MIB members typically report adverse information, an unhealthy criminal would have to steal someone's identity and then apply for insurance with an MIB member using the victim's name. As a result of testing and examinations conducted by the MIB member on the imposter during the underwriting process, the MIB member would then have to report MIB codes (generally, this information is unfavorable) about the thief, thereby creating a "false" MIB record in the name of the victim. In contrast, impersonation crimes involving life insurance are customarily committed when a healthy imposter submits to testing and medical examinations as a substitute for an unhealthy co-conspirator who desires insurance on favorable terms and, therefore, wishes to be identified in the policy as the insured.

To maintain accurate records, MIB and its members operate in conformity with MIB's longstanding General Rules and the federal Fair Credit Reporting Act. Under the General Rules, each member insurer is obligated to promptly cancel, correct or supplement any codes reported to MIB when it discovers or otherwise receives information indicating that such report was inaccurate or incomplete. MIB also has a robust data quality program, and regularly audits members to ensure the quality of the consumer data reported. Further, each member insurer signs an annual pledge to warrant that it has "an adequate system for the complete, accurate and timely reporting of information to MIB using MIB's proprietary codes."

In compliance with federal regulation, MIB has policies for assisting identity theft victims should the need arise. Under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which amended the federal Fair Credit Reporting Act, the principal obligation of a nationwide specialty consumer reporting agency like MIB is to block the reporting of any information in a consumer file that the consumer identifies as data resulting from an alleged identity theft. To comply with FACTA, MIB's Internal Procedural Rules acknowledge that a block may be imposed on a consumer's file at the consumer's request once four statutory requirements are met. Since FACTA became effective on December 1, 2004, no block has been requested or imposed on any consumer file in the MIB database.

If you recently applied for insurance to an MIB member company, you can easily check to see whether the company (or any other company to which you earlier applied for insurance within the past 7 years) accurately reported any medical information about you by getting a free copy of your MIB file ("Disclosure"). MIB is required to provide, upon request, free Disclosure to consumers once in a 12-month period, provided that the consumer uses MIB's "streamlined" process. The Disclosure letter advises consumers of their right to question the accuracy of the data in their MIB file, and to seek correction of it by writing to MIB and following the procedures set forth in FCRA. When consumers dispute the accuracy of any item on file, MIB will contact the reporting member insurer, which will then conduct an investigation to determine the accuracy and completeness of the disputed information. Member insurers follow MIB Internal Procedural Rules and the MIB Guide to Reinvestigation for cases of "disputed accuracy." Ultimately, the goal of the investigation is to help ensure that consumer data is accurate.

Vigilance Prevents Victimization

There are measures you can take to avoid falling victim to medical identity theft:

  • Monitor the "Explanation of Benefits" statements from your health plan for inaccuracies and report any discrepancies.
  • Beware of "free" services, especially if you are asked to provide your insurance ID number.
  • Regularly review your medical records to ensure accurate treatment data, and pay close attention when a healthcare provider reviews your medical history with you.
  • Acquire free annual credit reports to check for fraudulent medical debts.
  • Protect and safeguard your health plan membership identification card just like it's a credit card.
  • Insist that your healthcare providers check your ID when they request your health plan card and request they do the same for all their patients.