10 ways to protect yourself from medical identity theft

Don't let hackers get hold of your health information

Published: May 15, 2015 09:00 AM

Find Ratings

A lot of good minds are trying to figure out how to make health information more secure. But it’s complicated, in part because there are advantages to not locking up medical information too tightly. You want online medical records that are “privacy- and security-protective, but also facilitate research and medical care,” says Michelle De Mooy, deputy director of the Consumer Privacy Project at the nonprofit Center for Democracy & Technology.

For prompt and accurate medical care, your doctors may sometimes need to send information back and forth to each other. Or, in an emergency, doctors may have to quickly determine whether you have specific medication allergies.

“A banker has the time to go through four layers of security before accessing data,” says Eric Perakslis, Ph.D., executive director of the Center for Biomedical Informatics and the Francis A. Countway Library at Harvard Medical School. “In an ICU, a doctor needs instant and timely access.”

Until we have solid solutions, guard your financial and health information with the same rigor, and consider the following advice:

1. Share only what you have to

Share as little personal data as you can at doctor’s offices and hospitals, and with insurers. For example, don’t give your Social Security number to health care providers unless you must, and ask whether other information, such as your date of birth and driver’s license number, is really needed before you provide it. Be especially careful on the phone. After the Anthem breach, consumers posted comments on the Federal Trade Commission’s website describing phone inquiries from callers who claimed to be Anthem representatives asking for personal identifying information. But Anthem says it made no such calls.

2. Be e-mail savvy

Anthem customers affected by the breach also received phishing e-mails. Don’t click on e-mails you don’t recognize and, if you do, don’t provide information unless you have verified that the source is real. Consider creating one e-mail account for health care and banking, and another for social media. "Change your e-mail password often and use 2-factor authentication for e-mail and other accounts when available and possible," Perakslis says. Two-factor identification uses two different password types—such as a regular password and a one-time-use code that expires within minutes—and offers more security than one password.

3. Store carefully

“Whether paper records, medical scans on a DVD, or records in a computer file, treat medical data like you would treat your tax returns," Perakslis says. "Carefully file and manage them." Electronic records should be encrypted and stored on a password-protected external hard drive. Store paper records and CDs in a locked file cabinet. Shred paper or destroy discs before throwing them away.  

Find out why cyberthieves want your personal health information and see our extensive guide to Internet security for more safety tips and tactic. 

4. Choose paper or digital records

There's no need for storing both paper and digital records of your account. Using both can double your risk of data theft, unless both are managed well.

5. Get protective software

Purchase high-quality virus and malware protection software, and use it and update it the way it’s recommended.

6. Avoid public Wi-Fi

Don’t log into health or financial accounts on public Wi-Fi. “Using public Wi-Fi is like sharing a bathtub,” Perakslis says. For anyone using a Wi-Fi-enabled device on any public or free Wi-Fi, clean the device with protection software beforehand. Do the same afterward, before reconnecting the device to the home network.

7. Watch the cloud

If you use cloud services to connect your devices and accounts, remember that all are not created equal. Exclude sensitive accounts and store important files encrypted on a physical external hard drive at home that is password protected. With online storage accounts, look for services that require 2-factor password authentication. “Having too many things in one online digital place is like one-stop-shopping for a hacker if the data is not secured properly,” Perakslis says.

8. Be wary of wearables

Think carefully before providing your personal information to devices like Fitbits, mobile apps, and health websites, especially those that have interactive tools like calorie trackers. Don’t share medical information on social media either. All can put you at risk of data theft. (Read more about privacy and the Internet of Things.)

9. Monitor your credit

Since many data breaches and cases of identity theft are not discovered for months, check your credit history to see if someone is using your health and financial data improperly. You are entitled to a free credit report once a year from each of the three credit reporting agencies. Stagger the free annual reports and get one from a different credit bureau every four months. You are also entitled to one additional free report from each agency if you have been the victim of identity theft and place a fraud alert on your credit report.

10. Check your records

Check all your health-related mail, e-mail, and health records. Look closely at statements and other communications from your insurance company and health care providers for strange items or services and for health conditions that you don’t have. Look at your electronic health records, too. Ann Patterson, senior vice president at the health industry group Medical Identity Fraud Alliance, suggests that consumers review their health records by using the patient portals that are increasingly coming online with healthcare providers. If you have access to a portal, look at your online medical records monthly, as you would your financial statements. If your primary health care provider doesn’t have an online system, ask for an annual summary of your records—or ask quarterly if you suspect you’ve been a fraud victim. Sometimes, providers charge a nominal fee for a summary of your medical records.

Finally, if you spot something worrisome, call your primary-care provider and insurance company promptly. In addition, maintain a list of your accounts, so you can quickly ask for new credit and debit cards, change online user names and passwords, and ask credit bureaus to put a fraud alert on your records.

Diane Umansky

Find Ratings

Antivirus Software Ratings

View and compare all Antivirus Software ratings.

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Health News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more