Medical identity theft could cost you your life

Stigur Karlsson | E+ | Getty Images

Imagine being rushed to the hospital with appendicitis, but your medical records show that your appendix has already been removed. The confusion could delay proper treatment.

What if your blood type is different from what's listed in your medical file? Or maybe you have severe drug allergies, but the records have been changed and now say you don't have any.

This is what can happen to victims of medical identity theft, a rapidly growing problem that few people know about it.

Medical ID theft takes place when someone uses your name and personal identifying information to receive medical services, devices or prescription drugs.

"It's an insidious crime, and the consequences can be deadly," said Robin Slade with the Medical Identity Fraud Alliance (MIFA). "This fraud causes your medical records to get contaminated by the perpetrator's medical information, so it could literally kill you."

And this crime is on the rise—up 20 percent within the last year, according to a national survey from the Ponemon Institute, which specializes in privacy issues.

"We don't think this is an anomaly," said Dr. Larry Ponemon, the institute's chairman. "We think this crime is becoming more popular with criminals because a medical record is actually more valuable than other forms of personally identifiable information, like a credit or debit card record."

This study, which Ponemon conducted for MIFA, estimates that nearly 2 million Americans have been victims of this crime and will spend over $12 billion out of pocket this year alone to deal with the consequences of their compromised medical or insurance files.

With most forms of identity theft, you realize you've been the victim fairly quickly. It doesn't take long to discover that your credit card number was used by a thief on a shopping spree.

But medical identity theft can be perpetrated without your knowledge.

"It may be years or decades later that you find out that your medical record has changed, putting you at great peril," Poneman told me.

Such a discovery can come as quite a shock.

Nikki Gordon was 17 when she tried to donate blood at her high school in Portland, Ore., and was turned away because her medical records erroneously showed she had AIDS.

"I was flabbergasted," she told me. "And my mother was irate."

Gordon knew she did not have AIDS and pushed for an explanation. Eventually, she was told that someone in California with the disease had used her Social Security number to receive treatment.

A blood test proved she did not have AIDS, but it took a lot of work over many years to get her records corrected.

"With life insurance and health insurance and all of those things, if that false information ever got out, it could potentially be very damaging," Gordon said. "I got lucky—this could have gone in a very different direction."

Victims sometimes help the perpetrators

Another key finding of this study: Some "victims" of medical identity theft aren't victims at all.

In fact, a third of the the victims in this survey said they knowingly gave their information to an immediate family member, relative or friend who needed treatment they could not afford.

"Sharing medical credentials this way is not viewed as a crime by some but rather as a good deed," Ponemon said.

Of course, this Robin Hood mentality drives up the cost of health insurance for everyone. And it's still fraud.

It's going to get worse

Fraud experts say steps must be taken now to protect people against this threat to their health. They predict that the problem will grow along with the use of electronic health record and as more people get health coverage under the Affordable Care Act.

"The ubiquitous shift to electronic storage of records in the medical industry—not just on electronic health records systems, but on medical devices and mobile apps as well—has resulted in greatly increased consumer vulnerability," said Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center (a member of MIFA). "These challenges are not insurmountable at this time, but we must unite to develop technologies, strategies and policies to ensure the safety of consumer data."

There are things you can do right now to protect your personal health information:

Review your Explanation of Benefits (EOBs), the statement you get from a medical provider whenever you make an office visit or receive treatment. Many people don't double-check them, especially if their insurance is paying the bill. Ensure the doctors listed and services provided are accurate. If you find an incorrect item, even if no money is owed, contact your insurer immediately.
Obtain your "benefits request" annually. Your insurer can provide a list of all benefits and services paid in your name.
Safeguard your insurance-related paperwork; shred your EOB or file it in a secure location.
Report lost or stolen health insurance identification cards. Alert your carrier of misplaced, lost or stolen cards to avoid unauthorized use.
Be vigilant when providing your personal or insurance information. Be sure you're dealing with a reputable health-care provider. Be cautious when offered free medical services. Fraudsters often use that as a way to obtain information.
Review your credit reports annually and check that they are free of any medical liens. You have a right to request a free annual credit report from each of the three credit bureaus.

—By CNBC contributor Herb Weisbaum. Follow him on Facebook and Twitter @TheConsumerman or visit The ConsumerMan website.