Skip to content

Every few weeks or months, we see news stories about breach of data security in medical centers or health insurance companies. Most people hearing that probably just shrug, figuring it’s not as bad as breach of credit card or other financial data. Earlier this year, for example, Blue Cross Blue Shield of Georgia revealed that as many as 80 million customers of the Anthem Blue Cross had their account information stolen. My family and I were among them.

Most phackereople do not realize that breaches of medical data privacy can be just as expensive as a financial date breach and may involve other very serioius consequences.

A stolen medical ID be used by thieves:
  • to combine a patient number with a false provider number and file false claims with insurers
  • to fraudulently obtain medical services at your expense
  • to obtain fraudulent prescriptions for sale on the black market
  • to obtain medical services with the beneficiary’s consent. A substantial portion of identity theft is consensual between friends and family, although this may wane as more people acquire insurance under the Affordable Health Care Act.

So far, you might again shrug and wonder what real harm that might cause you. But there are other potential consequences of medical ID theft that hit closer to home:

  • for fraudulent withdrawal of your bank account funds or fraudulent use of your credit card use
  • denial of your medical insurance benefits because aggregate policy limits were exhausted by fraudulent use
  • denial of or increased premiums for your life or disability insurance based on inaccurate medical history
  • improper medical treatment to you based on inaccurate medical records
  • billings to you for a fraudulent medical bill
  • denial of employment to you if a background search discloses a disqualifying medical condition for a job, such as commercial truck driving

Individuals are not the only ones at risks. Doctors, hospitals and clinic can  have their medical provider identifiers stolen too.  The most common approaches are:

  • Thieves use a physician’s medical identifier to make it appear that the provider ordered health services
  • Thieves use physician’s medical identifier to make it appear that a physician provided and billed services directly even though the physician never saw the patients.  That can result in the IRS pursuing the physician for not paying taxes on income the provider is falsely recorded as having received.


Ken Shigley is an Atlanta trial attorney focused on serious personal injury and wrongful death cases. He is currently chair of the American Association for Justice Motor Vehicle Collision, Highway & Premises Liability Section. Previously he served as president of the State Bar of Georgia and chair of the board of trustees of the Institute for Continuing Legal Education in Georgia. He is lead author of Georgia Law of Torts: Trial Preparation and Practice and a board certified civil trial attorney of the National Board of Trial Advocacy.