Are Your Patients Who They Say They Are? Preventing Medical Identity Theft

A dental professional can treat dozens of patients each day. Patients present, provide their information, get checked in and proceed with treatment. Do you ever stop to wonder whether your patients are who they say they are? 

A case study in medical identity theft 

In a case reported to TDIC’s Risk Management Advice Line, a patient presented for a root canal treatment. The patient provided a name, date of birth, phone number, insurance information and Social Security number. The dentist completed the treatment without incident and the office submitted a claim to the insurance company to receive payment for services rendered. 

The office staff realized they had been given false information when they received a call from the individual whose Social Security number and insurance information were used to obtain treatment. The caller questioned why his insurance was billed when he was not even a patient at that practice. The office tried calling the individual who was treated, but the woman who answered stated that there was no one there by that name. 

Once the office realized that they did not know the true identity of the individual they treated, they contacted the Advice Line for guidance. The Risk Management analyst advised the dentist not to release any information about the mystery patient to the individual whose identity was stolen. The analyst also recommended that the dentist file a police report and report the incident to the dental benefits plan provider. 

This case illustrates the unfortunate reality that medical identity theft has made its way into the dental office. And just as dental offices have an obligation to prevent financial identity theft by protecting patients’ personal data, so too do they have an obligation to prevent medical identity theft. 

A rising threat 

Medical identity theft is a growing menace. The Federal Trade Commission (FTC) informed consumers that reports they received of medical ID theft increased from 6,800 in 2017 to nearly 43,000 in 2021. On average, patients spent $13,500 to resolve a case of stolen medical identity. But the nonmonetary costs are even greater. Patients report a lack of trust in their medical providers for failing to protect their confidential data. 

According to the FTC, medical identity theft stems from several scenarios. The most common are data breaches within medical care providers, where thieves gain access to medical data systems, and “friendly fraud,” where someone known to the victim assumes his or her identity. Credit bureau Experian notes that about half of all medical identity theft happens among family members, with 24% of medical identity theft victims stating that a family member toothier medical credentials and used them without permission. Another 23% of those affected said they willingly shared their healthcare information to help a family member or friend obtain medical care. 

Another scenario is one wherein a thief targets unsuspecting individuals by posing as an employee of an insurance company, pharmacy or medical or dental office and asking for personal information, including plan numbers or Social Security numbers. Commonly, these thieves will make false offers of free or discounted care to encourage their targets to share protected information. 

Another source of medical identity theft is a dishonest employee who either steals patients’ private data to sell on the black market or allows uninsured friends or family members to use stolen identity to obtain free dental care. 

Steps to thwart identity theft 

It’s crucial that dentists know and trust their staff, says Taiba Solaiman, senior risk management analyst at The Dentists Insurance Company. Conducting comprehensive background screenings and random audits of charts and billing activity for any friends or family members who have been seen in the office can go a long way in catching and thwarting illegal activity. 

Preventing fraud begins at the front desk. Therefore, it is imperative to instruct employees to ask for photo identification as patients present. It is not a violation of HIPAA and, while it is not required, it is highly recommended. Most dental patients are already familiar and comfortable with providing photo identification when visiting their medical care providers. 

Some offices take photos of their patients, making it easier to identify patients when they arrive. Many dental software programs have built-in features to capture photos. If patients are hesitant to have their pictures taken, reassure them that it is only for internal use and will not be posted on social media or used for any marketing purposes. Let them know of your commitment to protect their personal information and prevent fraud. 

When training your staff on spotting possible fraudulent patient activities, some red flags to look for are: 

• Questionable or altered documents or signatures. 
• Information not matching with information previously collected. 

• Suspicious behavior, such as an inability to quickly answer basic questions. 
• Refusing to present identification or provide identifying information when requested. 
• Forms of identification that don’t match the description of the patient producing them. 
• An accompanying individual addressing the presenting individual with a different name. 

When a team member spots a red flag, it’s advisable to alert the authorities. Risk Management analysts caution that it is not advisable to refuse treatment; instead, inform the patient that there are discrepancies that need to be further investigated and then make other arrangements for payment until the issue is resolved. 

In addition, ensure that your practice team is trained to educate patients on best practices for keeping their private data private. For example, patients should be informed that your staff will never ask for Social Security numbers or dental benefit plan numbers over the phone, so if they receive unsolicited calls from people requesting this information, they should hang up immediately. Remind patients to carefully review statements from insurance companies to look for suspicious or unauthorized treatments or payments. 

Medical identity theft is a multifaceted, complex crime and it takes the diligence of all players — medical and dental professionals, patients, insurance providers and law enforcement — to halt its progress. And while dentists certainly aren’t expected to take on the role of crime fighter, there are simple steps they can take to ensure their patients and their practice remain free from fraud. 

TDIC’s Risk Management Advice Line is a benefit to TDIC policyholders. To schedule a consultation with an experienced risk management analyst, visit tdicinsurance.com/RMconsult or call 1.877.269.8844.