World Privacy Forum’s Medical Identity Theft Map

The World Privacy Forum (WPF) has released a medical identity theft map, an interactive map highlighting the location of all medical ID theft complaints collected from 2008- February 12, 2009 by the Federal Trade Commission (FTC). The map enables users to interactively view one year of medical identity theft activity in the US, based on FTC complaints.

In order to create this tool, the WPF analyzed the FTC’s Consumer Sentinel incident reports. As such, the data is consumer-reported, thus does not represent a final, definitive picture of medical identity theft. However, the map reveals a significant geographic clustering of medical identity theft in the states of Florida, California (in particular southern California), New York, Arizona, and Texas.

A closer look at medical identity theft…

Medical identity theft takes place when someone uses a person’s name and sometimes other parts of their identity – for instance insurance information – without the individual’s knowledge or consent, in order to access medical services or goods, or uses the person’s identity information make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries put into existing medical records, sometimes involving the creation of fictitious medical records in the victim’s name.

According to the FTC, it’s important to read medical and insurance statements regularly and completely, as these can indicate warning signs of identity theft. In particular, it’s important to read the Explanation of Benefits (EoB) statement or Medicare Summary notice sent by the health plan after treatment. Other signs of medical identity theft include:

  • A bill for medical services you didn’t receive
  • A call for a debt collector about a medical debt you don’t owe
  • Medical collection notices on your credit report you don’t recognize
  • A notice from your health plan saying you have reached the benefit limit
  • A denial of insurance because your medical records show a condition you don’t have

Unfortunately, medical identity theft is an issue that has been poorly researched and under-reported until now. According to the World Privacy Forum,

“Medical identity theft is a crime that can cause great harm to its victims. Yet despite the profound risk it carries, it is the least studied and most poorly documented of the cluster of identity theft crimes. It is also the most difficult to fix after the fact, because victims have limited rights and recourses. Medical identity theft typically leaves a train of falsified information in medical records that can plague victims’ medical and financial lives for years.”

As such, the WPF has researched and published the first major report about medical identity theft, entitled Medical Identity Theft: The Information Crime That Can Kill You.

Relevant Federal Laws

Within the US, there are a number of relevant laws surrounding health privacy. The Health Information Portability and Accountability Act (HIPAA) is the most important federal health privacy law, however, there are others which also affect medical privacy. These include:


This article introduces the World Privacy Forum’s (WPF) medical identity theft map, an interactive map that locates medical identity theft complaints collected from 2008-9 by the Federal Trade Commission. The article also provides a definition of “medical identity theft,” as well as resources for victims of medical ID theft.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/United States (CIPP/US), a privacy professional should be comfortable with topics related to this post, including:

  • Limits on private sector collection and use of data – medical (II.B.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>