The Federal Trade Commission recently posted a frequently asked question designed to remind health care providers and health plans of their obligations when they become aware of medical identity theft. The FAQ describes medical identity theft as occurring “when someone uses another person’s name or insurance information to get medical treatment, prescription drugs or surgery. It also happens when dishonest people working in a medical setting use another person’s information to submit false bills to insurance companies.”
The guidance states that a complaint from an individual that he or she has been billed for services he or she did not receive should trigger an investigation and, where appropriate, correction of the records and notification of the correction “to everyone who accessed the patient’s medical or billing records.” The guidance further reminds health care providers and health plans that they may have additional obligations under the Fair Credit Reporting Act and the HIPAA breach notification and security rules.
The FTC seems to be taking a new interest in medical identity theft. The agency also recently published Facts for Consumers on Medical Identity Theft.