The Justice Department’s recent National Health Care Fraud Takedown charged 455 people in cases involving more than $6.5 billion in alleged false claims, according to the Department of Justice. Many of those prosecutions include counts of medical identity theft — when someone uses another person’s insurance or Medicare number to obtain care or submit claims — and that fraud can follow victims into their medical records and billing histories.
Medical identity theft can change what a clinician sees before treating you, exhaust benefits you need, or leave you with unexpected bills. This explainer walks through the DOJ takedown and why it matters for patients, defines medical identity theft using Federal Trade Commission language, shows real examples reported by news outlets and affected health systems, and gives clear, ordered steps you can take now to check and correct your records.
DOJ takedown and the scale of the alleged fraud
According to the Department of Justice, prosecutors charged 455 people as part of the annual National Health Care Fraud Takedown, alleging more than $6.5 billion in false claims. The Justice Department noted aggravated identity theft counts in many of the cases and said providers and operators across dozens of states were involved. These are allegations that must be proven in court; calling them “alleged” clarifies that charges have been filed but not adjudicated.
Why this matters to patients: alleged schemes that bill under legitimate beneficiaries’ insurance or Medicare numbers can insert incorrect diagnoses, test results or prescriptions into an innocent person’s chart. Those mixed records can persist long after the criminal case is resolved unless corrected at the provider and payer level.
What is medical identity theft and how it affects care
The Federal Trade Commission defines medical identity theft as someone using your name, Social Security number, health insurance account number or Medicare number to get medical care, equipment, prescriptions or to submit claims in your name. When fraudulent care is billed under your identity, unrelated diagnoses or treatments can be recorded in your chart, which the FTC warns may affect future treatment decisions, medication choices, recorded allergies and available benefits.
Mixed or inaccurate medical records are not only a billing nuisance — they can be dangerous. A clinician relying on a record that lists another person’s allergy, diagnosis or medication could make treatment choices that are inappropriate for you.
Real-world examples: alleged schemes and system breaches
Prosecutors allege one Virginia mental health company co-owner paid homeless individuals with hotel stays and then used their Medicaid numbers to bill for services the patients never received. Separately, news reports say New York City Health + Hospitals told patients that an intruder copied files that may have included insurance and medical information, potentially affecting roughly 1.8 million current and former patients and employees. Those accounts show two common paths to corrupted records: fraudulent billing using real beneficiaries’ identifiers, and data breaches that expose identifiers later used to file claims under others’ names.
Warning signs: how to spot fraudulent medical claims
Because medical identity theft often does not trigger traditional credit alerts, watch these red flags closely:
- Explanation of Benefits (EOB) statements or bills for visits, tests, prescriptions or equipment you never received.
- An unexpected entry on your Medicare Summary Notice showing care you didn’t get.
- Patient-portal messages about appointments, prescriptions or records you didn’t create.
- Collection notices or bills from medical providers you don’t recognize.
- Insurance denials for care you should have coverage for because benefits were already used.
Step-by-step actions to fix records and report fraud
Act quickly and document everything. The ordered checklist below follows timelines in HIPAA and HHS guidance and uses IdentityTheft.gov as the central reporting tool.
- Call your insurer or the Medicare number on your card. Use only the phone numbers printed on your insurance or Medicare card. Ask for the provider name, date of service, claim number and specific service description for any unexpected entry. Get the fraud or dispute case number and the name of the representative.
- Contact the provider in writing and request records. Request copies of the medical and billing records tied to the suspect claim. Under HIPAA, covered providers generally have 30 days to provide access after a written request, with a possible 30-day extension, according to HHS guidance. Keep proof of your request (email, certified mail receipt).
- File a fraud dispute with your insurer. Ask the insurer to mark the claim as disputed or fraudulent in your file and send written confirmation. Keep any reference numbers the insurer gives you.
- Report at IdentityTheft.gov. Filing a report at IdentityTheft.gov creates an official recovery plan and documentation you can use with providers, insurers and collections agencies. The site can generate letters and step-by-step instructions tailored to medical identity theft.
- Ask the provider to amend incorrect records. Submit a written request for an amendment. HHS guidance says covered entities generally have up to 60 days to act on an amendment request, with a possible 30-day extension. If the provider refuses, you can add a statement of disagreement to your records and escalate to the Office for Civil Rights (OCR) at HHS.
- Keep a comprehensive file. Save copies of EOBs, bills, portal messages, dispute confirmations, police reports (if filed), IdentityTheft.gov records and any correspondence. Those documents are essential when disputing collections or future billing errors.
- Consider identity monitoring and practical protections. Services that monitor medical IDs, SSNs and related data can flag exposed information earlier. Also guard insurance and Medicare numbers like payment cards: don’t share them over unsolicited calls or messages.
Note: if a provider denies access to or amendment of records within the regulatory timelines, you can file a HIPAA complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). OCR enforces timelines and privacy protections for covered entities.
What to expect next and how to stay protected
The DOJ sweep describes alleged criminal conduct; charges must be proven in court. Even where prosecutions move forward, correcting corrupted medical records often requires separate, administrative fixes at providers and insurers and can take weeks to months. Staying organized and persistent — calling the number on your card, requesting records in writing, filing at IdentityTheft.gov, and exercising HIPAA amendment rights — gives you the best chance to restore clean records before they affect care or benefits.
Ongoing habits that reduce risk include reviewing EOBs and Medicare Summary Notices each month, checking patient portals, and limiting whom you share insurance and Medicare numbers with. If you suspect theft, start the ordered steps above immediately.
FAQ
How do I know if my medical identity was stolen? Look for unexpected EOBs, unfamiliar providers on your billing history, unexplained denials of coverage, and portal activity you didn’t initiate. If you see a red flag, follow the step-by-step actions above and file at IdentityTheft.gov.
What steps should I take if I find a false claim on my EOB? Call the insurer using the number on your card, request provider billing details, dispute the claim with your insurer’s fraud unit, request provider records in writing, and file at IdentityTheft.gov. Keep copies of all correspondence.
How long do providers have to give or amend medical records? Under HIPAA and HHS guidance, providers generally have 30 days to provide access to records (with a possible 30-day extension) and typically up to 60 days to act on an amendment request (with a possible 30-day extension).
Source: Fox News — Medical identity theft follows you into the doctor’s office. Additional guidance referenced from the U.S. Department of Justice, the Federal Trade Commission, IdentityTheft.gov, and U.S. Department of Health and Human Services (HHS) HIPAA guidance.