Stealing Your Identity for Liposuction

Sierra Morgan, a 31-year-old respiratory therapist from Modesto, Calif., was billed $12,000 on her health-care credit card in November for liposuction, a procedure she never requested or had. "It's depressing to know that someone used my name and knows so much about me," she says.

Brandon Sharp, 38, found more than $100,000 of unpaid medical bills on his credit report when he went to buy a home. The charges included $19,501 for a life-flight helicopter trip and emergency room visits he never made, says Sharp, a project manager for an oil company in Houston. "I'm as healthy as they come," he says. He spent more than six months correcting his medical files and credit report and reversing the outstanding charges.

Stories like these are becoming alarmingly common. There were more than 275,000 cases of medical information theft in the U.S. last year, twice the number in 2008, according to Javelin Strategy & Research, a market research firm in Pleasanton, Calif. The average fraud totals $12,100, Javelin says. "If the health insurance is valid, they'll treat you and not always check your ID," says Jennifer Leuer, general manager of, an identity-protection service sold by Experian, the credit reporting firm. "It's becoming the credit card with a $1 million limit."

Medical ID theft comes in a variety of forms. Thieves may impersonate a patient, as in Morgan's case. Criminals can set up fake clinics to bill for phony treatments; and some medical workers download records to sell to people who will use them to commit fraud.

The problem is likely to worsen as more medical records go into digital form, a priority of President Obama's health overhaul. Digitizing records saves money and can lead to improvements in care. "Having information available to physicians and caregivers is a life-and-death matter," says Glen Tullman, chief executive of Allscripts, which sells medical records software.


At the same time, digital files may be easier to steal. "Once files are in electronic form, the crime scales up quickly," says Pam Dixon, founder of the World Privacy Forum, a nonprofit consumer-research group based in San Diego, which analyzed a decade of consumer complaints filed with the Federal Trade Commission and medical identity theft cases from the Justice Dept. "There are cases where someone has walked out with thousands and thousands of files on a thumb drive. You can't do that with paper files."

Medical identity theft is more than twice as costly as other types of ID frauds, says James Van Dyke, president of Javelin, in part because criminals use stolen health data an average of four times longer than other identity crimes before the theft is caught. Some thieves are able to change the billing address for a victim's insurance so the victim is unaware of charges. The $12,100 average fraud involving health information is far higher than the average $4,841 for all identity crimes last year. Consumers spent an average of $2,228 to resolve health ID frauds, six times more than other types, according to Javelin.

The damage can go beyond the financial. In some cases, patients' medical records have been altered to reflect diseases or treatments they never had, which can be life threatening in an emergency, says Dixon. And victims can find themselves denied care if their health coverage has been exhausted.

To guard against fraud, patients should request a copy of their medical files from their doctors after each visit, ask their insurer annually for a list of claims, and watch their credit reports, according to the World Privacy Forum. Dixon advises victims to file a police report and contact the Federal Trade Commission because it may help their case when asking a hospital or doctor to amend errors in files.

Sierra Morgan contacted the police and worked with the health clinic in Sacramento that had billed for the liposuction to capture the impersonator, who is in custody awaiting trial. "I wanted to catch her," Morgan says. "What nerve she had, using my name to get liposuction."

    Before it's here, it's on the Bloomberg Terminal.