Identity Theft, Medical Identity Theft, and FTC's Red Flags Rule

Identity Theft is one of the fastest growing crimes in the U.S. Identity theft occurs when a person obtains key pieces of personal identifying information about another individual (such as a Social Security number or a driver's license) and uses the information for their own personal gain. It can start with a lost or stolen wallet, pilfered mail, a data breach, computer virus, phishing, a scam, or paper documents thrown out by the individual or a business (dumpster diving). It may take hundreds of hours and several months for an individual to clear their good name after becoming a victim of identity theft. The cost to businesses left with unpaid bills for services or goods provided to perpetrators of identity theft is staggering.

Medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity -- such as social security number or insurance information -- without the person's knowledge or consent to obtain medical services or goods, or uses the person’s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim's name. Medical insurance companies report that billions of dollars are annually lost to health insurance fraud, often the result of medical identity theft.

Red Flags Rule:

As part of the Fair and Accurate Credit Transactions Act of 2003, the FTC issued final rules commonly referred to as the “Red Flags Rule” that require that any financial institution or creditor that regularly extends, renews, or continues credit to implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft.