It is easier than ever to manage your health information through apps, portals, and websites. At the same time it is more important than ever to keep your health information safe. Hackers are taking advantage of the explosion of health technology to steal personal health information.
You could become the victim of medical identity theft – where someone impersonates you to get medical treatment, drugs, or surgery. This could leave you with the bill for someone else’s care. There are laws in place that protect health data, but these laws do not cover all of the places health information can be shared nowadays.
Now more than ever, it is important to take steps to keep your health data secure.
Medical identity theft can be a big problem for you.
The movement to digital health opens up more opportunities for amazing innovation. But it also creates more opportunities for cyber crime.
Medical identity theft happens when someone uses your name or health insurance info to see doctors, get drugs, or file claims under your insurance. This can impact the treatment you receive, your insurance and payments, and even your credit report.
Imagine you need physical therapy but your insurance company says you already used up that benefit. Or you are reported to a debt collection agency because you failed to pay a medical bill for care you never received. That is what medical identity theft can do.
If you are the victim of medical identity theft, it is important to know it as soon as possible so you can report it. To catch it early, make sure you:
- Read medical and insurance statements, like your Explanation of Benefits (EOB) or Summary Notice.
- Recognize the names of the providers you saw, the dates of service when you got care, and that the care listed is what you received.
- Stay alert for bills or calls from debt collectors for services you did not receive.
- Carefully review notices from your health insurer about reaching your benefit limit.
- Flag any denial or approval notices you get for a medical service you did not request.
If you see anything that does not look right, report it to your health insurer and doctor’s office.
Laws only partly protect your health information.
There are laws in place to help keep your health information safe. The one you may have heard of is called HIPAA – the Health Insurance Portability and Accountability Act. HIPAA is a law that sets the rules for protecting the privacy and security of health information. Health providers, health insurance companies, and certain health organizations have to follow the HIPAA law.
You likely received a HIPAA notice when checking in for an appointment.
But here is the scary part: not every company out there involved in health has to follow this law. For example, HIPAA does not apply to health information you put in a mobile app, share on social media, or put in certain personal health records.
Because there are many more ways to put health information out there than ever before, you need to take steps to protect it.
Steps to keep your health information safe:
There are things you can do to reduce the opportunity for medical identity theft and protect your health information. This includes things like:
1: Use password protection.
This is the same advice you would get for keeping your financial information safe. Create strong passwords, update them often, and never share them.
2: Limit what health information you put on social media.
Think twice before sharing health information on social media. Information you post could be used to impersonate you. The more information you put on social media, the easier it will be for someone to steal your identity. You may want to consider limiting access to your profiles.
3: Keep health information safe on your mobile devices.
Make sure to research mobile apps before putting your health information in them. Get to know what is on the health apps and devices you use right now. Read the terms of service and privacy notice to know with whom they share information.
Keep in mind that once you share health information, the app company could go on to share with other vendors. If the app company is ever acquired, your data may belong to a new company you never signed up to use.
If you are using a personal health record, make sure it is from a source required to comply with HIPAA laws, like a health provider or health insurance company.
4: Use the latest security software.
Keep your devices up to date by taking any security patches your device maker sends. Security updates frequently repair flaws hackers use to access information.
You may want to consider installing encryption software, as well as software that will let you remotely wipe information from your mobile device if it is ever lost or stolen. Do not use public WiFi networks when you are using health apps or sharing your health information on websites.
5: Be careful what information you share with others.
Do not share your insurance card with anyone but providers from whom you are seeking care. Even sharing your insurance card with someone offering free things like exams, massages, or supplements could be a scam to steal your identity.
Share only the minimum required information on your provider’s website, and do not store any information there like your credit card. Finally, make sure to keep any paper copies of medical information in a safe place and destroy anything out of date like prescription labels and old insurance forms.
What to do if your health information is stolen:
If you think you may be experiencing medical identity theft, you can report it to the Federal Trade Commission. Their website will also help you with a plan to recover from it.
Here are some additional things you will need to do:
Get copies of your medical records so you can look for errors.
This includes getting records from places where you did not receive care but they claim you did. For example, if you find out a prescription was given in your name, contact the pharmacy for a record. Remember: you have a right to your medical records.
Ask for an ‘Accounting of Disclosures.’
This tells you who got copies of your medical records from a provider. Tell your health plan and providers what part of the record is not accurate and ask for correction. They are required to change the information in your file.
If you get any pushback on getting your medical records or making corrections, remember that there are appeal processes where you can challenge their decision. You can even take it up to government agencies that will investigate the issue, such as the U.S. Department of Health and Human Services Office for Civil Rights.
Notify your health insurance plan’s fraud department and all three credit bureaus.
Consider placing a fraud alert or freezing your credit reports.
Key takeaways:
With more health data going digital, there is more opportunity for bad actors to steal information. Medical identity theft could lead to issues using your health insurance and even medical bills that do not belong to you. To keep your health information safe:
- Use strong passwords.
- Be careful what you put on social media.
- Secure your mobile devices.
- Keep security software up to date.
- Limit what information you share with others.
If you take steps to keep your health information secure, you can safely enjoy the benefits of digital health.
I enjoyed reading up on this topic as a lot of people trust social media too much and post everything. I liked how you emphasized using strong passwords and keeping the information you share to a minimum. I think this also relates to COVID now with the vaccination cards. While everyone is excited that the vaccine is here, those cards hold sensitive information and can be duplicated. What are your thoughts on keeping health information safe during this pandemic? Any additional advice?
That is an excellent question, Katy! First of all, I recommend not taking pictures of the vaccination cards and posting them on social media. I know people are doing this to try to encourage others to be vaccinated, but you are absolutely correct that those cards have sensitive information on them. If someone wants to encourage others to get vaccinated, they can take a picture while actually getting the vaccine instead of sharing a picture of their card. The second thing I recommend is using different passwords for each healthcare portal you have to use. It is not uncommon to have a portal or app for one doctor that is different for a doctor at a different system or clinic. Using the same password for both increases the risk if it is ever stolen. Thank you for asking that question!