Nearly two million Americans had their medical identities stolen in the last year, according to a new survey from the Ponemon Institute. In more than half of those cases, it wasn't a data breach or cyber crook who stole the info, but a family member or other person the patient knew.
Medical identify theft occurs when someone uses a patient's name and identity to receive medical services, prescription drugs and other benefits, or to submit fraudulent billing.
Often, medical identity sharing comes from a place of compassion: 95 percent of respondents who shared information with a family member did it because the family member did not have insurance, and 100 percent of those who shared with non-family members did it for the same reason.
In total, 30 percent of respondents said the crime occurred because they knowingly shared their personal information with someone they knew, and 28 percent said a member of their family took the information without their consent.
"Unlike other forms of identity theft, the thief is most likely to be someone the victim knows very well," the study authors note. "Most cases of identify theft resulted not from a data breach but from the sharing of personal identification credentials with family and friends."
Medical identity theft increased 19 percent from last year, the survey found.
The survey also discovered that most patients are unaware of ill effects that can come from medical information sharing and identity theft. After having their medical identity stolen, 50 percent of respondents did nothing to prevent future theft.
In fact, medical identity theft can bring on both financial and health-related consequences — the survey found that 15 of the patients were later misdiagnosed when seeking treatment, 14 percent said there was a delay in receiving treatment, 13 percent said they received the wrong treatment and 11 percent said they received the wrong pharmaceuticals.
And while 64 percent of survey respondents said they did not experience any out-of-pocket costs as a result of the identity theft, 36 percent did pay an average of $18,660 because of the crime.
The survey notes that carefully looking at explanations of benefits for inaccuracies can help patients spot incidents of medical identity theft.
"First, individuals need to be aware of the negative consequences of sharing their credentials despite possible good intentions," the survey authors wrote in an accompanying commentary. "Second, healthcare organizations and government should improve their authentication procedures to prevent imposters from obtaining medical services and products."