After HCA Healthcare announced this month that the personal identification data of roughly 11 million HCA patients in 20 states had been exposed in a breach, people may be justifiably concerned that their own medical data and identities could be stolen.
Consumers should realize that such “medical identity” fraud can happen in several ways, from a large-scale breach to individual theft of someone’s data.
Just ask Evelyn Miller. The first sign something was amiss was a text Miller received from an Emory University Hospital emergency department informing her that her wait time to be seen was 30 minutes to 1 hour. That’s weird, she thought. She no longer lives in Atlanta and hadn’t used that hospital system in years. Then she got a second text, similar to the first. Must be spam, she thought.
When she got a call the next day from an Emory staffer named Michael to discuss the diagnostic results from her ER visit, she knew something was definitely wrong. “It amazed me someone could get registered with another person’s name and no ID was checked or anything,” Miller said.
And while the name and date of birth the staffer had on record for her were correct, Miller’s address was not. She now lives in Blairsville, Georgia, a few hours north of Atlanta. Michael said he’d correct the problem. The next week, she got a bill from Emory for more than $3,600.
After an unsatisfactory conversation with someone in the hospital’s billing department, Miller sent a letter to the hospital’s privacy officer. Miller recalled writing: “I think there’s something going on, that someone is using my information, and the visit and the charges appear to be fraudulent.”
When contacted, Emory Healthcare spokesperson Janet Christenbury declined to comment on Miller’s case specifically but did say, “We take these matters seriously and work with our teams to ensure our processes and procedures are followed.”
Read the full article here
