Skip to main content.

Medical and Other Identity Theft  


Medical identity theft and criminal identity theft share the same underlying cause that enables financial identity theft; namely, stolen or lost personal information is used by the identity thief to impersonate someone else.     

One source of information on medical identity theft is the World Privacy Forum, and their repository of medical identity theft information can be found here.  When a person seeks to impersonate someone else to obtain medical services using the stolen identity, often the impersonation takes place at a hospital or other medical facility.  If that is the case, the medical identity thief either presents a fraudulent identity document that appears to be legitimate, such as a driver's license or insurance card, or else claims an identity using personal information only.  In either case, there may be a financial aspect to the identity theft, if fraudulent charges are incurred.  The victim of this identity theft will then be billed for medical services he/she did not use.  In addition, the victim's medical history will likely be contaminated with false medical information that pertains to the thief.

As patient records become increasingly converted to electronc records, the potential for medical identity theft may increase unless proper authentication procedures are used for access to these records.  

In the case of criminal identity theft, the thief uses false identity information, or a fraudulent identity document, when identifying himself/herself to the police or other law enforcement organization.   As with medical identity theft, this type of identity theft is likely to occur in-person, and not onlline or over the phone.  The Privacy Rights Clearinghouse has more information about criminal identity theft here.

As for better identity authentication to prevent these forms of identity theft, the problem has not received as much attention as financial identity theft has.  There are no fraud alerts or security freezes that can help in these cases, since credit bureaus are not typically involved.   If the identity theft is perpetrated by a fraudulent identity or insurance document, the authentication problem becomes one of verifying the validity of the identity documents.  If information alone is used to impersonate someone else, the problem is more difficult.  In that case, it seems that the only alternative may be to require some other form of identification at a later date to verify the claim of identity, or the use of knowledge-based authentication that depends on information maintained by commercial databases.