Contributed by Lena Thomas, 3L Roger Williams University Law School

Whenever a large data breach occurs in the healthcare industry, such as the Anthem Blue Cross Blue Shield breach this past winter, some news stories always seem to focus on the strange medical catastrophes that could result—like going to an emergency room with acute appendicitis only to be told you had an appendectomy two years earlier. Such a situation may be attention-grabbing for the headlines, but it turns out that medical identity theft is a much larger and more diverse problem.

In addition to the potential inaccuracies in medical records, financial and credit problems can arise just like in any other case of identity theft. Because thieves may be motivated by financial gain, free medical care, or some combination of the two, medical identity theft may be more alluring to potential thieves than regular identity theft. While credit cards have alert systems to spot suspicious charges and all charges are posted to the account in a matter of days, medical billing is a much slower, labor intensive process. The length of time before the medical identity victim might have the first opportunity to learn that the crime occurred can make it harder to apprehend the medical identity thief.

Fixing records after an incident of medical identity theft is more difficult than it would be in a case of financial identity theft. Medical providers are only obligated to correct their own errors, so a victim of medical identity theft must contact every provider seen by the medical identity theft and then every provider that subsequently included any of that information in its own record for the victim. There are often fees to obtain a copy of a personal medical record as well. This is very different from the financial identity theft victim who only needs to contact three agencies and is guaranteed a free annual credit report.