Watch an episode of SVU, Law & Order or CSI on TV, and you're bound to hear about doctor-patient confidentiality in hushed, almost reverent terms. Go to a new doctor's office and, amidst all the other paperwork, you'll be asked to sign a form enumerating your federally-mandated medical privacy rights. Call a hospital to check in on a friend and you're likely to hear that those rights prevent them from connecting your call.
So then why is medical identity theft one of the most common forms of identity theft and growing?
It's partially because, like many small businesses, doctor's offices often don't understand best practices when it comes to protecting the information they keep on their patients, and their record-keeping is often based on antiquated forms and methods of documentation that are long past their prime.
For instance, I recently made an appointment with a new, highly recommended physician whose staff immediately emailed me a new patient information form to fill out… and they suggested that I return it to a Hotmail account! I was dumbfounded that they would even recommend email -- which is transmitted in plain text (with a few exceptions) and easily intercepted -- to pass along my entire medical history.
Worse yet, most people don't know how dangerous it is to email this kind of personal information, or that you don't just have to hand over all the information that a doctor requests. So what are some of the things they ask for that they don't need to know?
1. Your Social Security Number
It used to be that your Social Security number was also your health insurance ID number (and, for those readers who use Medicare, it still is for the foreseeable future). But the vast majority of health care providers have changed that. So why do doctors still ask you for your SSN? Because the forms still list it, they're used to asking for it, because "it's what they've always done." But that's no reason for you to simply give it up. Leave it blank.
2. Family Members' Social Security Numbers
If they don't need your Social, doctors definitely don't need the SSNs of your minor children or your spouse. The more ways there are to find this information, the easier it is for that information to be lost or stolen, and child identity theft is itself a large and growing problem because their profiles are usually pristine and unlikely to be legally accessed until the age of 17.
A child's identity can be stolen and used for years before it is ever noticed. Remember how difficult it was for you to establish good credit when you were just starting out as a recent high school graduate? Now imagine that with years of bad credit to erase, all of which happened while your child was studying algebra.
3. Your Email Address
Yes, it's quite convenient to communicate via email but, as we've all learned from countless health care breach stories in the past year, it's also a very convenient way for others to eavesdrop on our correspondence or steal our identities.
If you want to keep your medical information private (and you do), then don't even give the doctor the option to communicate in this way with you. They may set up a secure portal where you can log in to see your test results, but they should never email your test results or other personal health information to you.