Skip to content

Identity Theft: the New Targets! Protect Your Practice, Patients, and Family

[ Practice Consulting ]


It continues to be the fastest growing crime in America.

Whether using somebody’s social security number to open new accounts or illegally hacking into a bank account, all forms of identity theft can be serious and have different outcomes. Identity theft is not a new problem, but because so much of our personal information is stored electronically these days, this crime is happening more often, especially to children. Currently, the fastest growing segment of victims is children.



Identity theft occurs when criminals unlawfully gain access to someone’s personal information and steal it for their own financial gain. The dictionary defines identity theft and identity fraud to describe all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. In the past, identity theft meant having your wallet or purse stolen and your credit cards, driver’s license, or other similar identification being used without your permission. Since the 1990s, technology advances have made it easier for criminals to steal identities. The emergence of search engines and heavy reliance on the Internet turned identity theft into a mainstream societal issue. Thieves have easy and unlimited access to personal information. In today’s world of technology, the scope has broadened to include electronic theft of key personal information such as your Social Security Number, banking information, PIN and credit card numbers. An unauthorized party uses your information to obtain fraudulent credit products, loans, credit cards, tax refunds, health insurance or to assume other types of financial responsibility in your name.


The first-ever recorded case of identity theft was reported in the first book of the Bible between twin brothers Jacob and Esau. The younger Jacob posed as his older brother, Esau, in order to steal Esau’s blessing.

In the days of the Wild West in the 1800s, outlaws killed people in order to steal their names and life stories and then assumed their new identity to stay one step ahead of the law. A little later in the 1920’s, mobsters in trouble with the law murdered people to steal their legal documents and establish a new identity. Even in the early 1900’s shortly after Women’s Suffrage and other voting rights increased, identities were stolen to stuff ballots at the polls. After the Prohibition in the 1930s, when individual states set their own legal drinking ages, young drinkers in states with more restricted access to alcohol acquired their potions using either identity theft or fake IDs.Many forms of personal identity theft exist. One of the more extreme cases led to the death of a patient:

Gerald Barnbaum, a pharmacist, had his pharmacy license revoked following Medicaid fraud charges in 1971. He then posed as a medical doctor between 1976 and 2000. When he moved to California in 1976, he legally changed his last name to Barnes. There, he stole the identity of Dr. Gerald Barnes, a licensed medical doctor in Stockton, CA and worked as a physician in the Los Angeles and Southern California area for three years. In 1979, his negligence and lack of medical knowledge contributed to the death a 29-year-old undiagnosed Type I diabetic from Anaheim who had presented with the classic signs of Type I diabetes. Barnbaum misdiagnosed and treated him for vertigo. Blood test results a few days later revealed his blood glucose content to be severely hyperglycemic. Unfortunately, he was found dead in his apartment that same day.

Believing that a real doctor would have never missed such obvious symptoms, an assistant at the clinic suspected that Barnbaum was impersonating a physician. In 1980, Barnbaum was charged with second-degree murder, but plea-bargained the charge down to manslaughter and practicing without a medical license. He was sentenced to three years and four months jail. After serving only 19 months, he was paroled. Despite his responsibility for a tragic death, Barnbaum continued to fraudulently practice medicine while still on parole.

He was convicted of grand theft and forgery and sentenced to three years and four months jail after briefly serving as a referral doctor. Barnbaum was able to continue his fraudulent practices because the state medical board never flagged the real Dr. Barnes’ file. Barnbaum encountered his third conviction in 1989 for stealing the identity of a San Francisco pharmacist named Donald Barnes. He was again arrested in 1991 for parole violations and released soon afterward.

Barnbaum continued to pose as a physician, working four and a half years in several Los Angeles medical facilities. He earned more than $400,000, while the various medical facilities billed insurance companies and individuals approximately $5 million for his services. In 1995, Barnbaum was hired as a staff physician at a Los Angeles clinic that handled physical checkups on FBI agents. Depending on the source, Barnbaum performed physicals on between 70 and several hundred FBI agents each year. When a new investigator for the state medical board inherited the Barnes case and questioned him, his fraudulent identity was once again exposed. Discovery revealed that Barnbaum had misdiagnosed several patients and dispensed incorrect medications, in some cases causing patients to lose their jobs. Rather than risk the possibility of spending the rest of his life in federal prison, Barnbaum pled guilty to mail fraud, unlawful dispensing of controlled substances and fraudulent use of a controlled substances registration and received a ten-year prison sentence. The health clinic was sued for battery, sexual battery, and medical malpractice during Barnbaum’s tenure there and agreed to pay $9.2 million in damages to nearly 500 plaintiffs.

In 2000, Barnbaum escaped from a prison van during a transfer to another prison and again began working as a physician. The FBI captured him 4 weeks later. He was sentenced to an additional and cumulative 12 years and six months in prison (10 years for fraud and two years and six months for escaping custody). Barnbaum is serving his sentence at the Federal Correctional Institution, in Pennsylvania, and is scheduled for release in 2018. Barnbaum’s fraudulent activities caused the real Dr. Barnes to spend several years repairing his credit and his reputation.



Have you or someone you know had to deal with addressing and correcting the damage from someone illegally obtaining your personal financial information and using it to fraudulently drain your bank account or run up charges on credit cards in your name? When credit cards became popular in the 1960s, criminals had a new incentive to commit identity theft – financial gain. In 1969, Frank Abagnale, a professional identity thief, was arrested after impersonating a Pan Am pilot and netting nearly $6 million from forged checks. Interestingly, only 28% of identity theft cases involve credit or financial fraud.

Setting credit accounts back to normal can be a troublesome and time-consuming. However, for the most part, your money is protected under the Fair Credit Billing Act. You are only liable for $50 of unauthorized charges on a credit card if you follow simple notification steps. In addition, there are defined reimbursement rules if money is illegally withdrawn with a stolen ATM or debit card.



  • You see withdrawals from your bank account that you cannot explain.
  • You do not receive your bills or other mail.
  • Merchants refuse your checks.
  • Debt collectors call you about debts that are not yours.
  • You find unfamiliar accounts or charges on your credit report.
  • The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer for whom you did not work.



Child identity theft is a crime in which criminals have specifically stolen children’s personal data such as their name, Social Security Number (SSN), and date of birth. Today, children comprise the fastest-growing segment of identity theft victims.

The statistics are alarming:


  • Children are victimized 35 times more often than adults.
  • 10% of children have had someone use their SSN.
  • There are 500,000 new cases of child identity theft each year.
  • 1 in 40 households with minor children (under age 18) had at least one child whose personal information was compromised by identity criminals. (Source: The 2012 Child Identity Fraud Report, sponsored by the Identity Theft Assistance Center (ITAC) and conducted by Javelin Strategy & Research)
  • People who know the children (including their own parents) commit 27% of child identity thefts in the US.
Clearly, this is a growing problem. Parents must be aware and vigilant to protect their child’s information. Children are being targeted more because a breach of their information is more difficult to detect. After a child is born, most parents apply for a Social Security Number. Because an SSN is all that is required to open most new credit accounts, children make an easy, tempting, and more lucrative target for identity thieves. Child identity theft typically involves the creation of new accounts. In most cases, child identity theft is not discovered until the child applies for a driver’s license or first job. In addition, most parents do not check to see if their child has a credit record or history. Therefore, the crime can go un-detected for years.


When an unauthorized person makes unauthorized purchases on an adult’s credit card, most banks will contact the card-member as soon as they suspect suspicious activity. However, when an unauthorized person uses your child’s name successfully to obtain a credit card, it is highly unlikely that anyone will contact you. Criminals target children as they have clean credit records, making it easy for the criminal to create new accounts. As far as the bank or credit bureau is concerned, the false identity is real because thieves use a child’s clean slate to establish a new credit history. This makes it easy for identity theft to go undetected and can create serious consequences for the child. Theft and abuse of a child’s information may go undetected for up to 18 years before the theft is discovered.

Identity theft could affect your child’s future credit and employment history if the thieves (who sometimes turn out to be family members) obtain credit accounts or even get jobs using your child’s identity. It could be years until a child applies for credit in his/her own name. If the thieves are arrested for other crimes, those crimes could become associated with your child’s legal record.


A child’s identity can be stolen either by using a pre-approved card offer stolen from a mailbox or by creating a “synthetic identity” and applying for a new card. The most common method of child identity theft occurs when criminals create what is known as a “synthetic identity,” a process whereby crooks combine a child’s SSN with a different date of birth. Using an actual SSN, the most crucial piece of every American’s identity, confuses the credit issuers into thinking it is a new person.

Identity theft is committed by two categories of people – people who know the child and complete strangers. Parents under financial duress have been known to “borrow” their child’s identity information. In these situations, the parents are unable to pay their own bills and have developed poor credit. They use their child’s information to create a new credit profile. These illegal activities may include using their child’s name to open a new account to have utilities such as gas and electric turned back on after they have been disconnected. Unfortunately, the problem persists and expands to other utilities such as having cable turned on and may even progress to the purchase of big-ticket items. The spiral continues, as they are unable to pay the new accounts under their child’s identity, ruining their child’s credit and setting him/her up for future problems.

It is highly likely that the rate of child identity fraud is much higher than any of the studies and surveys reveal. To start the lengthy process of cleaning up their records, the victim must file a police report; children may be unwilling to report their own parents.

Identity thieves who do not know your child account for 73% of the other reported child identity thefts. Sources where these perpetrators may obtain your child’s personal information include school forms, taxes, and the doctor’s office. Your child’s information may or may not have been stored securely. Even customs forms filled out when traveling abroad have been found in the wrong hands. Internet security breaches can also lead to personal information being stolen or leaked.


As parents, we have to consider and take child identity theft very seriously. When an adult’s identity is stolen, his/her credit history may be compromised for several years. Consider the repercussions of your child going to apply for his/her first driver’s license only to discover a history of hundreds of dollars in unpaid tickets. Perhaps your child has a bad credit report before he/she is even old enough to read. Even worse, consider a scenario whereby someone in your area has stolen your child’s information for medical records.

The FTC recommends that parents check to see if their child has a credit report when he/she turns 16 to avoid any unpleasant surprises. If your child visits the same clinic where the identity thief has had a medical procedure, it is possible that the thief has provided incorrect and inaccurate health information into your child’s medical record. For example, the blood type, history of allergies to medications, and list of current medications may be altered to reflect those of the thief rather than your child’s. Parents must safeguard their child’s future by learning how to stop identity theft before it happens.



  • Your child receives suspicious mail, including pre-approved credit cards and other financial offers normally sent to adults, in his/her name.
  • You try to open a financial account for your child and discover that one already exists, or the application is denied due to a poor credit history.
  • A credit report already exists in your child’s name. If this is the case, your child may have been targeted already, since only an application for credit, a credit account, or a public record initiates the compilation of a consumer credit file.



CREDIT REPORT: First, get a credit report for yourself and your child. If your child’s identity has been compromised, chances are your information may have been stolen, too. By law, you are entitled to a free copy of your credit report once a year. Go to and follow the instructions.

If your child has no credit history, most likely everything is all right. However, anyone under 18 years of age and has a credit history, most likely been victimized. In this case, contact one of the credit agencies (TransUnion, Equifax, or Experian).CREDIT ALERT: Next, place a 90-day credit alert on your child’s file. This requires them to contact you before issuing credit in your child’s name. (NOTE: You must renew this request every 90 days on your own.)POLICE REPORT: Third, contact the police and file a report.CREDIT CARD COMPANIES: Request each credit card company to place a note on your child’s file stating that the “account was closed at consumer’s request”. Follow up with each credit card company in writing.KEEP A JOURNAL OR LOG: It is very important to keep detailed records or a log of everything that happens as you attempt to undo the damage. You can also request the credit agencies to scan and search their database manually to look only for SSNs instead of your child’s name. This may give you the opportunity to catch the criminal, even if he is using your child’s SSN to create a synthetic ID. You can also notify the Federal Trade Commission (FTC). They can keep track of more thefts.


Many parents are surprised when they first hear about how easy it is for their child’s identity to be stolen, and how long it can take before the crime is discovered. Ultimately, you are your child’s best protection against identity thieves.

Lawmakers are aware of the problem, and have initiated strategies to help protect children:


  • 2011: The Foster Youth Financial Security Act signed by President Obama allows children in foster care (16 and older) to receive free credit checks and get help correcting inaccuracies before leaving the foster care system.
  • 2013: A new law took effect in Maryland that allows parents to take control of their child’s credit until he/she turns 18. Maryland State Delegate Craig Zucker says the law was “…the first time parents or guardians can proactively contact any of the three credit agencies (TransUnion, Equifax, or Experian) and freeze their child’s or dependent’s information to protect against identity theft.”
While you may hope that your child’s identity will never be stolen, a bit of preparation could help prevent it from happening.



One of the first things you do as a parent is to obtain a SSN for your child. This is the key to his/her identity. Thieves can use it to unlock many financial doors. Unfortunately, a stolen SSN can be used to get a cell phone, a credit card, a bank loan, and even health insurance.

Parents need to be very careful with whom they share their child’s SSN. The less it is used/shared, the better. Many organizations that ask for the SSN do not need it. It is standard on almost every form parents fill out for their child.

  • Ask if they really need the SSN and how it is going to be used.
  • If your school or doctor’s office requests it, just say “no”.
  • Do not give your child his/her Social Security card to carry.
  • Do not carry your child’s Social Security card in your wallet.
  • Take letters with personal information to the post office rather than leaving them in a mailbox to be picked up by the mail carrier. (Identity thieves target mailboxes.)
  • As an extra precaution, send any forms with SSNs via registered or certified mail, which requires the recipient’s confirmation signature.


Keep a close watch on the privacy policies and procedures with these entities:


  • Hospital records and physicians’ offices
  • School records
  • Day care centers
  • Social media
  • Sports team applications
  • Immunization records
  • Any type of public record where the child’s name, SSN and date of birth are required




  • Shred any mail addressed to you or your child before throwing it away.
  • Watch for preapproved credit offers, bills, or collection notices in your child’s name. These are red flags that someone may be using his identity. Try and trace the offer back to the source and demand that your child’s name be removed from the mailing list.




  • Install software to thwart hackers (for example, Norton Internet Security)
  • Avoid keeping sensitive data on your computer. Instead, store it in a secure location, such as in a safe or on an encrypted flash drive.
  • Set up passwords for your cell phones, tablets, and computers. Do not use the same password for all the devices.
  • Install an app featuring a GPS tracker and a remote data-eraser that can wipe out any information stored on the device, such as Lookout (free for iPad, iPhone, Android, and Kindle; in case the device is lost or stolen.



Your child’s first bank account is a smart place to deposit savings bonds or checks, however, opening a savings account can also open the door to identity theft. With an account in his/her own name, bank statements will be delivered via snail mail or e-mail. Someone could get the account number and access to your child’s cash. Even worse, they might also use your child’s account to do other business with the bank. For example, they could secure a loan, not intending to pay it off. Any disreputable financial activity in your child’s name will be reported to credit agencies, leading to a poor credit score. This is extremely difficult to clean up even under the best of circumstances.

  • Set up a joint account so that no one can access your child’s account without your approval.
  • Opt out of receiving any marketing materials to avoid having your child receive credit offers in the mail.
  • Monitor your mail carefully for any credit offers sent directly to your child. Again, if any credit offers are sent to your child, it is a red flag for child identity theft.
  • If you do get one or more of these offers, shred them immediately.
  • Check your child’s credit report immediately.



It is becoming more and more common for young children to have e-mail accounts of their own. Youth and teens may be required to have email addresses through their school. Criminals seize this opportunity to ask an unsuspecting child for phone numbers, addresses, and even credit card numbers. Your child may not realize how dangerous it is for information to be readily issued.

  • Keep your child’s email account password to yourself and your partner so that your child cannot log in when you are not around to supervise.
  • Only create accounts on kid-safe e-mail services (such as or that can help protect your child’s info and allow you to monitor accounts.
  • Do not allow children younger than 10 to have a private password.
  • Consider using a service like Gmail that offers password recovery to be texted or sent to a different e-mail address.
  • For extra security, create a whitelist, a list of approved e-mail addresses from trusted family and friends, from whom your child can receive messages.
  • Teach your children basic computer security practices.
  • Instruct your child not to click on unfamiliar links in e-mails.
  • Instruct your child never to download any content from unknown or distrustful sources.
  • Avoid logging in to your accounts on public computers, as this is a common way for passwords to get stolen. Instill this practice in your children.



Children today are becoming more and more independent at much earlier ages than any other previous generation. Many have their own smartphones and are requesting their own social media accounts. The Children’s Online Privacy Protection Act (COPPA) prohibits social media sites from asking anyone under age 13 for any personally identifiable information, such as names and e-mail addresses. However, some Web services have been created specifically for children under the age of ten. For example, with Virtual Piggy (, parents can set up a controlled shopping and savings account for their children.

Teenagers are legally allowed to access nearly every social media network. Parents must teach their children and teens at an early age the importance of protecting personal information. Children/teens need to understand that whatever information they share can be viewed by anyone. Parents must teach what information is private and what information can be shared. Children need to understand the risks of posting or sending confidential information as well as embarrassing (or illegal) photos.

  • Parents should keep the passwords and not share them.
  • Teach children that the price of having their own social media profiles is that the parent must be able to access their children’s accounts whenever they choose.
  • Teach your child/teen to never give out his/her full name, birthday, phone number, or house address to anyone online.
  • User names should not identify the child in any way.
  • Passwords also should not contain any personally identifying information (SSNs, birthdays, phone numbers, house addresses, or legal names).
  • Create a strong password that includes a combination of letters (both capitalized and lowercase), special characters, and numbers.
  • Change the passwords frequently on all of the sites utilized. (Changing passwords on a monthly basis can help keep information safe.)
  • Never use the same password for other sites. (This protects all of your other accounts in the event that one is hacked.)
  • Monitor your child’s online usage closely, as well as his/her social-media use.



You can request a copy of your child’s credit report for free at all three credit bureaus once each year. If you suspect your child’s identity has been stolen or simply wish to engage more precautionary measures, these 3 ID-protection services may be worth the fee, for your peace of mind.

They monitor your credit report and will help you resolve problems if your child becomes a victim:

Identity Guard Kid Sure: tracks data sources (including the DMV and criminal and utility records) for misuse of SSNs. The cost is $15/month/adult plus $10/month/children.

TrustedID ID Essentials: has anti-phishing software and anti-spyware. It also helps stop credit offers from flooding your mailbox.$28/month for unlimited family members;

Equifax Complete Family Plan: Provides ID protection, credit scores and a profile from all three bureaus each year.$30/month (covers 2 adults and up to 4 children)


Medical identity theft occurs when a perpetrator uses a victim’s name, health insurance information, or identifying information to see a doctor, get prescription drugs, file health insurance claims, or get other care. Unlike other types of identity theft, the thief does not need your Social Security number to commit medical identity theft. Access to your name, date of birth, and address is enough to commit the crime and wreak havoc in your life. Anndorie Cromar knows all too well the ramifications of having one’s medical identity stolen. A pregnant woman used Cromar’s medical identity to pay for maternity care at a hospital in Utah. When the infant was born with drugs in her system, officials from Child Protective Services (CPS) assumed the infant was Cromar’s baby. Cromar says the state, unaware of the medical identity theft, threatened to take her own four children away. Cromar was only able to get her name off the infant’s birth certificate after taking a DNA test. However, it took years to get her medical records corrected. Cromar said the most terrifying thing she has ever experienced in her life was getting the call from CPS and hearing them say, ‘We’re coming to take your kids.”

Your personal health insurance information, including your Social Security number, date of birth, residence address, and email address are valuable and vulnerable pieces of information that require strict protection. When thieves gain access to your data, they may use it to steal expensive medical services, surgeries, and prescription drugs. Some have even procured expensive medical devices and equipment such as wheelchairs. Your medical identity is your precious commodity that, when in the wrong hands, can be hijacked and used to fraudulently file insurance claims or acquire government benefits (Medicare or Medicaid). Your personal medical information may also be sold on the black market, where it can be used to create entirely new medical identities based on your data.

Medical theft is increasing and easy to commit. Up until just recently, medical information was kept in paper files. The emergence of electronic health records and electronic data traveling through all kinds of devices and networks provides a virtual component to your medical record that is harder to lock down. That, plus details you share online, increases the likelihood that the wrong people could gain access to your medical information. If your medical identity is stolen, your health may be endangered when you seek your own medical treatment, as the thief may have altered your medical records to reflect his/her health conditions, blood type, and medical history.

A far more dangerous problem with medical identity theft exists when the thief’s own medical treatment, history, and diagnoses get combined or confused with your own electronic health records. This can taint and complicate your care for years to come. Many victims report that they were given the wrong diagnosis, treatment, medication and that their care was delayed due to the confusion about what was true in their records due to the identity theft.

Big data breaches in the medical care industry have been on the rise over the past decade. For example, when the big health insurer Anthem was hacked in 2015, nearly 70 million of its records were reportedly stolen. In addition, because hospitals have to treat emergency patients quickly, inaccurate medical and insurance information can make its way to the billing department before identity theft is detected.The large amounts of personal information contained in your medical records can leave you vulnerable to identity theft and in need of identity protection. When an identity thief uses your name or health insurance number to obtain medical care, the thief’s health history may get mixed into yours. This has serious potential to cause problems with your medical treatment, health insurance, payment records, and even your credit report. Moreover, an identity thief with access to your medical records can gain access to a host of other personal information, causing problems in other aspects of your financial life.

You must keep a vigilant watch on your health records to guard against identity theft protection. It is equally as important for your recovery from medical identity theft to act fast if you discover that someone has used your information to seek medical attention, have a medical procedure, obtain prescription drugs, or file an insurance claim.


Certain segments of the population are more likely to be targeted for medical identity theft. Identity thieves consider the Social Security number on Medicare and Medicaid cards an opportunity for medical and all other types of identity fraud.

  • Older adults’ vulnerability, naiveté, and more trusting attitudes when giving out personal health information, making them more susceptible to identity theft scams.
  • Criminals also aggressively pursue children’s health records. Unpaid medical bills may show up on the child’s credit report but is not usually seen by parents until a child is old enough to secure credit in his or her name. This allows the crime to go undetected for many years.



  • Patients who frequently access the healthcare system such as pregnant women and new mothers, surgery patients, and patients with chronic or serious diseases such as diabetes or cancer are especially vulnerable to medical identity theft. They have many more encounters with the healthcare system, thus providing more opportunity for their records to be breached.



  • Identity thieves also track and target millennials who post or publish a lot of personal information on social media sites and apps. Criminals are good at aggregating social media information and pairing it with health and other personal data (addresses and dates of birth) for a new identity.




  • Mistakes in your medical record
  • A bill for medical services you did not receive
  • A call from a debt collector about a medical debt you do not owe
  • Medical collection notices on your credit report that you do not recognize
  • A notice from your health plan saying you have reached your benefit limit



  • A denial of insurance because your medical records show a condition you do not have



Medical privacy standards like the Health Insurance Portability and Accountability Act (HIPAA) might initially prevent you from accessing medical records if the providers are trying to protect the rights of the identity thief. You will need to provide proof of your identity and documentation of identity theft. You have a right to access your records, and you can appeal if they are not provided.

  • Contact every health care provider where your personal information was used: doctor’s offices, clinics, hospitals, pharmacies, etc. Obtain copies of your medical records and review to identify any errors or discrepancies.
  • Determine which information the thief used to access medical treatment, such as your Social Security or health insurance policy numbers.
  • Send all information documenting the identity theft to the medical billing departments and collection agencies involved by certified mail with a return receipt.
  • Request a copy of the “accounting of disclosures” from your health plan and medical providers. This will show where copies of your medical records have been sent.
  • Contact all parties that have received your erroneous records.
  • Send a request, in writing, to your medical and insurance providers to correct your medical record. You will need to prove that your medical record contains invalid items by certified mail with a return receipt.
  • Report your case to the Federal Trade Commission, which manages all types of identity theft.
  • File a police report with the department that has jurisdiction in your case.
  • Apply a fraud alert or credit-freeze to your credit files with all three credit-reporting agencies.
  • Log or record all communications you have during the troubleshooting process.
  • Maintain a file with copies of all letters received and sent.
Current consumer protections are not specifically designed for medical identity theft. Experts warn that people need to understand they may have to do extensive work on their own to clear up fraudulent bills. Some frustrated victims of medical identity theft simply give up and pay the bills themselves.



Experts say discovering the fraud is the most difficult part of dealing with medical identity theft. Detecting medical fraud is more difficult to unravel than financial fraud. With financial fraud, banks alert you when certain charges in the system raise an alarm. Consumers need to be smart and careful about with whom, how and when they share their personal, medical, and insurance information.

A few basic ways you can safeguard your medical privacy and identity:


  • EOBS: Read those explanations of benefits letters as if they were bank statements.
  • Carefully check all of the correspondence you receive from health insurers and healthcare providers for accuracy.
  • Check all bills of service and question any charges that you do not recognize.
  • Review your credit reports for unfamiliar debts.
  • Guard your personal health information, Social Security card, and insurance cards. When someone asks for them, inquire whether it is truly necessary.
  • Do NOT post news of any upcoming surgeries or procedures on Facebookor other social media outlets. Criminals can take your announcement of your upcoming knee replacement, pair it up with other information he/she can easily find about you online, and create an exploitable personal profile.
  • Always ensure that your records are up to date regarding your health insurance and billing details at every appointment and with each provider.
  • Regularly ask your health insurance provider for a record of the benefits that have been paid in your name.
  • Only disclose your personal information to legitimate sources. Be aware that identity thieves can impersonate medical personnel, including doctors, pharmacists, and insurance professionals.
  • Do not use your Social Security number on your records. Instead, request your medical and insurance providers to assign you a unique personal identification number.
  • Do not reveal medical or insurance information by phone or email unless you initiated the contact.
  • File paper and electronic copies of your records in a secure location, and shred any outdated medical documents, especially old prescription labels.



Nearly half of medical identity theft occurs when a family member takes a relative’s health insurance card or other identification. Gary Bogle stole his brother’s identity for more than a decade in order to get healthcare. Ronnie Bogle, Gary’s unsuspecting brother, was completely unaware that his brother had been stealing his identity and using it across several states. Gary would move to a new town or city, purchase a picture ID, then present the ID, along with Ronnie’s Social Security number to get medical treatment. Gary often claimed to be uninsured when seeking care. After he was treated, the bills were later sent to his given address, not Ronnie’s.

Ronnie discovered the crime after applying for a new credit card and being turned down. He says his credit report contained listing after listing of unpaid debts, all from his brother’s medical visits and treatments through the years. Gary was eventually arrested and pled guilty to 10 counts of criminal impersonation. He faces more charges in a neighboring state for allegedly stealing his brother’s identity there. It took two years for Ronnie Bogle to clean up his credit and get his brother’s medical bills off his financial record. According to a survey conducted by the Ponemon Institute, a private cyber­ security research firm, 24% that reported that their identity was stolen by a relative without their knowledge or consent.

Many victims of medical identity theft know exactly who is responsible for the crime and how it occurred. In fact, 47% of respondents said that a relative or someone else they knew perpetrated their identity theft. Contrary to Ronnie Bogle’s story, many people outright share their own medical coverage with an uninsured friend or family member in need of care. (They do not know that this is against the law.) Nearly 23% of respondents willingly shared their health information or identification credentials with someone they knew.

This crime is referred to as “friendly fraud.” Those who said they shared healthcare credentials reported that it was because either the other person had no health insurance or could not afford medical treatment. Most said it was done during an emergency-type situation. Most of the people who willingly allowed someone they know use their medical information did not consider their actions wrong or criminal. They were unaware of the cost burden to insurance companies, healthcare providers, and ultimately consumers.

Allowing a friend or relative to use your medical insurance is illegal and considered an act of fraud against insurance companies and healthcare providers. Anyone who wrongfully shares Medicare or Medicaid benefits commits a crime against the federal government and state programs. Identity theft/fraud costs the medical industry billions of dollars each year. An estimate in 2012 put the total economic impact of medical identity theft in the US at $41.3 billion.

We have much more to do to safeguard consumers from medical identity theft. Medicare cards soon will no longer bear Social Security numbers. Providers are working on new strategies to prevent it in their practices. For example, they are using software to detect fraud in billing, training staff and consumers to recognize warning signs and asking for photo IDs. Hospitals, clinics, and private practices are implementing the use of fingerprints or palm prints for more extensive verification screening of patient identification and protection.


Identity theft also includes the use personal information to file tax returns to fraudulently claim tax refunds. In tax-related identity theft, the criminal generally will use a stolen SSN to file a forged tax return and attempt to get a fraudulent refund early in the filing season. Victims of tax fraud/identity theft are unaware of the theft until they file their return later in the filing season and are notified by the IRS that two returns have been filed using the same SSN. If this happens to you, in addition to the normal recovery procedures, the taxpayers should complete FORM 14039, Identity Theft Affidavit.

In 2011, Mauricio Warner filed approximately 5,000 fraudulent tax returns using stolen information. He received $6M in refunds. His victims willingly handed over their confidential information to him.

In 2015, criminals used stolen information such as social security numbers, dates of birth and other information to access past tax returns for more than 100,000 people using the IRS’s electronic transcript service. They were then able to use information obtained from other data breeches to get through the misstep authentication process. The IRS sent $50M in refunds before the fraud was detected. The Agency strongly believes that organized crime syndicates from around the world are responsible for the fraud.

The most common and simplest way an identity thief acquires your personal information is simply by asking for it. We are constantly exposed to phishing scams through emails, texts and phone calls. We naively and mistakenly reveal important data, which cybercriminals then use to file fraudulent tax returns.
While the Internal Revenue Service, state agencies, and the tax industry are working together to combat identity theft, we must be diligent to recognize and avoid falling prey to phishing scams. Learning to recognize and avoid phishing is crucial to protecting your identity theft. Phishing scams often appear to be from a friend, a company with whom you have done business, promise a prize award or entice you to open the email or text. Be vigilant not to give out personal information based on any unsolicited email requests. Phishing emails also may:

  • Contain a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link to a spoofing site that may look similar to the legitimate official website. Do not click on the link. If in doubt, go directly to the legitimate website and access your account.
  • Contain an attachment. Do not open attachments from sources unknown to you. Scammers may include an attachment to an email. The attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it is spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards, or other sensitive data.
  • Appear to be from a government agency. Identity thieves try to imitate the IRS and other government agencies. They attempt to frighten you into opening email links by posing as government agencies.
  • Be an “off” email from a friend. Scammers frequently hack email accounts and leverage the stolen email addresses. You may receive an email from a familiar contact or friend, but it is odd. It may be missing a subject for the subject line or contain a strange request or language.
  • Contain an unauthentic URL. The URL in the questionable email may be deceiving. For example, instead of, it may be a false lookalike such as Place your cursor over the text to view a pop-up of the true URL. Use all of your security software features.
If you reported to the IRS that you were a victim of identity theft or if the IRS identified you as a victim of identity theft, you will be unable to use only your Social Security Number to file a tax return. The IRS will have blocked filings using just your Social Security Number to prevent ID thieves from filing a return using your Social Security Number.




In 1998, the Identity Theft Assumption Deterrence Act legislation by Congress named Identity Theft a federal crime, punishable with a fine of $250,000 and up to 15 years in prison. In 2003, The Fair And Accurate Credit Transactions Act required the three credit reporting agencies to provide consumers a free copy of their credit report at least once every 12 months. This allows consumers to monitor their credit reports for any accounts that fraudulently may have been opened in their name. In January 2016, the FTC announced the new version of, which now allows consumers the ability to create their own personalized identity theft recovery plan.

If you think you are a victim of identity theft, the sooner you act, the greater the likelihood to minimize the damage to your personal funds and financial accounts, as well as your reputation. Under the Identity Theft and Assumption Act, the Identity Theft and Assumption Deterrence Act, the FTC is responsible for receiving and processing complaints from people who believe they may be victims of identity theft, providing informational materials to those people, and referring those complaints to appropriate entities, including the major credit reporting agencies and law enforcement agencies.




  1. Order your free resource at FTC RECOVERY PLAN – PDF download:


  1. The Federal Trade Commission (FTC) is the primary government agency for managing identity theft crimes.
  1. FBI or the U.S. SECRET SERVICE: The United States Secret Service investigates bank and currency fraud. Report crimes relating to identity theft and fraud.
  1. LOCAL LAW ENFORCEMENT: Local law enforcement will investigate crimes committed locally. File a police report.
  1. POSTAL INSPECTION OFFICE: The Postal Inspectors will investigate mail fraud or tampering. If you suspect that an identity thief has submitted a change-of-address form with the Post Office to redirect your mail, or has used the mail to commit frauds involving your identity.
  1. THE SOCIAL SECURITY ADMINISTRATION:If you suspect that your Social Security number is being fraudulently used, call 800-269-0271 to report the fraud.
  1. THE INTERNAL REVENUE SERVICE:The IRS will investigate fraud related to federal taxes. If you suspect the improper use of identification information in connection with tax violations (call 1-800-829-0433 to report the violations).
  • (800) 525-6285
  • O. Box 740250, Atlanta, GA 30374-0250.
  • Order a copy of your credit report ($8 in most states), write to P.O. Box 740241, Atlanta, GA 30374-0241, or call (800) 685-1111.
  • To dispute information in your report, call the phone number provided on your credit report.
  • To opt out of pre-approved offers of credit, call (888) 567-8688 or write to Equifax Options, P.O. Box 740123, Atlanta GA 30374-0123.
  • Call (888) 397-3742
  • Fax: to (800) 301-7196
  • Write to P.O. Box 1017, Allen, TX 75013
  • To order a copy of your credit report ($8 in most states): P.O. Box 2104, Allen TX 75013, or call (888) EXPERIAN.
  • To dispute information in your report, call the phone number provided on your credit report.
  • To opt out of pre-approved offers of credit and marketing lists, call (888) 5OPTOUT or write to P.O. Box 919, Allen, TX 75013.
  • Call (800) 680-7289
  • Write to P.O. Box 6790, Fullerton, CA 92634
  • To order a copy of your credit report ($8 in most states), write to P.O. Box 390, Springfield, PA 19064 or call: (800) 888-4213.
  • To dispute information in your report, call the phone number provided on your credit report.
  • To opt out of pre-approved offers of credit and marketing lists, call (800) 680-7293 or (888) 5OPTOUT or write to P.O Box 97328, Jackson, MS 39238.
  1. SEC: The SEC will investigate fraud related to investments
  • Place a fraud alert with ONE of the credit reporting agencies
  • Consider a credit freeze on your account
  • Get your free credit reports
  1. Keep meticulous records and logs of all conversations and correspondences.
  1. Rigorously follow-up with creditors and agencies.
  1. Contact all creditors with whom your name or identifying data have been fraudulently used. For example, you may need to contact your long-distance telephone company if your long-distance calling card has been stolen or you find fraudulent charges on your bill.
  1. Contact all financial institutions where you have accounts that an identity thief has taken over or that have been created in your name but without your knowledge. You may need to cancel those accounts, place stop-payment orders on any outstanding checks that may not have cleared, and change your Automated Teller Machine (ATM) card, account, and Personal Identification Number (PIN).
  1. Contact the major check verification companies if you have had checks stolen or bank accounts set up by an identity thief. In particular, if you know that a particular merchant has received a check stolen from you, contact the verification company that the merchant uses.
  • Change your PIN codes
  • Consider safer more secure PINS
    • Avoid using Birthdates, the last 4 digits of a SSN, or addresses
    • Use more than 4 digits when possible
    • Avoid using the same PIN for multiple services
  • Change all your passwords
  • Email: Change your email password frequently. Always use a separate and complex password for your email – never use it anywhere else.
  • Password Manager
    • Password managers keep all your passwords organized, secured, and stored in a single location.
    • Easily generate long, highly complex passwords for each individual website or service.
    • Consider using a password manager such as mSecure:
  • Consider Passphrases for passwords:
    • Humans are not good at remembering random strings of text.
    • A password becomes much more secure as it becomes longer and more complex.
    • A passphrase is a group of memorable, but non-associated words
    • Password: S@andy1019
    • Passphrase: SandyMinnowEngine
  • Review all information regardless of how inconsequential it might seem.
  • If you find errors or fraud, you must write a letter to the credit reporting company.
  • The credit reporting company must investigate all claims and will send you a written reply.
  • It is the victim’s obligation to follow up and ensure that records have been corrected.
  • Identity Guard ( provides comprehensive credit and identity theft prevention services that focus on:
  • Monitor and Protect
    • Continual watch for your personal information appearing where it shouldn’t
    • You will be notified immediately in the event that your identity or credit is compromised.
  • Recover
    • In the event of compromise, they have tools and services to help resolve the issue
    • They over $1M in identity theft insurance
  • Credit Profiles
    • You can receive regularly copies of your credit score and reports from all three major credit agencies.


Identity Theft cannot be prevented, period. However, we are each individually responsible for taking steps to minimize our risk by managing our identity, security, privacy, and expediently detecting, addressing, stopping, resolving any discrepancies Being proactive is the best method.

A few more simple best practices strategies to reduce vulnerability include:


  • Shred papers and documents with personal identifying information
  • Opt-out of direct mail
  • Use a mailbox that locks
  • Be proactive with your credit reports: Each person can obtain 3 free credit reports per year (Equifax, Transunion & Experian). Request your reports and spread it out over the entire year. For example, pull your free Equifax report in January, then pull your free Transunion report in May, then pull your free Experian report in September.
  • If your on-line banking platform or credit card company provides free FICO scores, monitor your score monthly.



You can deduct losses related to identity theft due to the extent you are not reimbursed or compensated for the loss. To claim the deduction, you must complete IRS FORM 4684, Casualties, and Thefts. Part A is for personal losses; Part B is for business losses. Keep meticulous records about the losses and related expenses in case of an audit.

You May Also Like


Let’s Talk About Your Practice

Tell us about your practice and the support you need. We’ll review your information and reach out to schedule a complimentary 30-minute consult to discuss how our team can help you.