After shoulder surgery last year, Lind Weaver was stunned when hospital bill collectors demanded that she pay for the amputation of her right foot.
"Either you didn't do the surgery, or you did a really [shoddy] job of it," Weaver told them, sending along notarized photos of her toes, all still attached. "Either way, I'm not paying."
But the 56-year-old retired schoolteacher quickly discovered she was dealing with something more nefarious than a simple clerical error: An identity thief had obtained medical care under Weaver's name and had the bill sent to her insurer.
A year later, Weaver is still trying to catch errors in her medical records and clear the hospital bills fraudulently run up in her name.
For The Record
Los Angeles Times Monday October 09, 2006 Home Edition Main News Part A Page 2 National Desk 2 inches; 75 words Type of Material: Correction
Medical identity fraud: A Sept. 25 article in Section A about medical identity fraud should have noted the findings of a report published in May by nonprofit research group World Privacy Forum in San Diego. The report, authored by Pam Dixon, was titled "Medical Identity Theft: The Information Crime That Can Kill You." The news accounts and conclusions in that report were part of the research that led to The Times article on the subject.
"It became a 40-hour-a-week job," Weaver said. "I put my phone to my ear and sat there listening to elevator music."
Although the most typical of the millions of identity theft cases in the U.S. each year involve credit cards, a 2003 federal report estimated that at least 200,000 instances involved medical identity fraud. Experts believe that the rising cost of healthcare is driving more identity theft, and that many people are unaware they have become victims unless they receive a hospital bill or query from their insurer.
"There's no reason to assume the patients ever find out," said Harvard University management professor Malcolm Sparrow, an expert on regulatory agencies who has written books on healthcare fraud. "The bulk presumably remain invisible."
With their medical records compromised, victims of this kind of fraud face a greater risk of injury or even death if doctors make treatment decisions based on bad information. Files might list incorrect prescriptions or the wrong blood type. Or, as in Weaver's case, an erroneous diagnosis of diabetes.
Bad information can also put careers and insurance at risk. Many employers, including more than a third of the Fortune 500 companies, demand access to medical records when making hiring, promotion or benefits decisions, according to the nonprofit Patient Privacy Rights Foundation. Health and life insurance companies routinely scan medical files or payout reports before issuing new policies.
Victims, though, often find that clearing their medical records of bad information is much more difficult than fixing credit reports, which are centralized in three major credit bureaus.
Consumers have the right to obtain one free credit report annually, and to demand an investigation of information they believe is fraudulent or incorrect. Unverified reports must be removed promptly.
Medical records, in contrast, can be scattered across dozens of doctors' offices, hospitals and clinics. And federal privacy rules intended to protect private information can make it difficult for patients to even obtain their own records when identity theft is suspected.
"These privacy rules might put you in a situation where you can't even investigate," said Wilma Kidd, chief privacy officer at WellPoint Inc., the largest U.S. health insurer for employees and other groups.
A big reason most people never find out about erroneous records is the Health Insurance Portability and Accountability Act of 1996. The law can make it difficult for patients to see their own medical records, since the penalties for improper disclosure prompt some hospitals to set up roadblocks including demands for multiple forms of identification.
The bitter twist on medical identity theft is that once a person tells a keeper of records that someone else's data might be intermingled, the file becomes even harder to obtain. Why? Because it includes another person's medical history, which many hospitals argue can't be turned over without consent.
Even when patients do see their records, they have no automatic right to fix errors they find.
As she battled collection agencies last year, Weaver fought to see her medical files. She suspected that someone had used her identity to obtain a foot amputation, but hospital officials wouldn't help.
Weaver marched into the hospital waiting room in Bunnell, Fla., and started shouting that the doctors didn't know who their patients were. That got her service in a hurry. After she was shown to a consulting room and given the file, she soon thought she had weeded out her impostor's medical history.
In May, Weaver suffered a heart attack at her home in Palm Coast, Fla., and was in and out of consciousness.
When she awoke in her hospital room two days later, a nurse asked Weaver what drugs she had been taking to treat her diabetes. Weaver has never had diabetes, a disease that can lead to foot problems severe enough to require amputation.
"They could have given me insulin," Weaver said. "There's a whole different heart procedure that covers people with diabetes."
Diabetes experts said those procedures would have been unlikely to threaten Weaver's life. A hospital spokeswoman declined to answer questions about Weaver's case.