SPECIAL REPORT

Thieves are after your identity: From stolen tax refunds to altered medical records, the crime is damaging finances and putting peoples lives in danger

SCRIPPS HOWARD NEWS SERVICE

SCRIPPS HOWARD NEWS SERVICE

About the Identity Theft special report

Identity thieves are crafty and quick. Expose one of their schemes, they move on to the next. Scripps Howard News Service reporter Isaac Wolf discovered an unexpected and enormous surge in the latest illegal tricks --- stealing tax refunds and scamming free medical care -- with a combination of dogged reporting and intense data research. Using the Freedom of Information Act, Wolf analyzed more than 1.4 million complaints of identity theft and shared his results with Scripps Howard television stations and newspapers around the country. Together, they pinpointed the neighborhoods targeted by thieves and the latest techniques used to steal identities. The Scripps team found that, for completely different reasons, the hotbeds of identity theft are Brownsville, Texas, and Brooklyn, New York. But the real surprise was that thefts of tax refunds had tripled from 2005 to 2009. The victims only realized what had happened when they tried to claim legitimate tax refunds and found the money had been sent to someone else. In one elaborate scheme, crooks in Belarus used a fake taxpreparation service to generate phony returns and steal the refunds. Wolf also discovered how thieves are taking advantage of health privacy laws to steal medical care. In response to the stories, Rep. Frank Pallone, D-NJ, began working on legal changes to allow people to fix their own health records. Three months after the Scripps stories ran, Sen. Bill Nelson, D-Fla., called on the IRS to tighten safeguards against tax-refund theft and better assist victims who must wait months -- sometimes years -- to get their rightful refunds. Wolf s reporting also caught the eye of producers at ABCs World News with Diane Sawyer, which aired a national segment March 29 on tax-refund theft based on his findings. We believe that Isaac Wolf s reporting will help shut down these types of thefts. Surely, the ID thieves will move onto other scams. Wolf will be right behind them.

Sincerely, Peter Copeland

Editor & General Manager Scripps Howard News Service

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

Medical ID theft victim Joanna Saenz. Her story, Page 12

SHNS photo by Mark T. Osler

IDENTITY THEFT TAX FRAUD

Tax refunds are the newest target of ID thieves Brownsville, Texas, tops U.S. in ID theft reports Where the thieves are striking How to protect yourself
PAGE 4 PAGE 8 PAGE 9 PAGE 10

CONTRIBUTORS
Reporter Isaac Wolf Editorial Writer Dale McFeatters Lead Editor Lisa Hoffman Editors Peter Copeland Carol Guensburg Bob Jones John Lindsay David Nielsen Photo Editor Sheila Person Multimedia Editor Jason Bartz

MEDICAL RECORDS
Doctors withhold records from victims of medical identity theft Who is most at risk of ID theft? What to do if you are a victim Medical ID theft victims need way to fix records, lawmaker says Making news around America
PAGE 12 PAGE 14 PAGE 16 PAGE 18

PAGE 20

CONTACTS
202-408-1484 or stories@shns.com. Our website www.scrippsnews.com
Scripps Howard News Service is part of the E.W. Scripps Co.

EDITORIALS
Bad guys have their eyes on your tax refund Medical ID theft is a growing problem
PAGE 23 PAGE 24

SPRING 2011 3

Naples, Fla. resident Gilbert Sherburne, 82, didnt realize he was facing identity theft until Bank of America called to verify the purchase of a plane ticket worth more than $900 on his credit card. After Bank of America replaced his original credit card, the U.S. Coast Guard veteran learned that someone had requested a copy of the replacement card over the phone.
Photo by David Albers, Naples Daily News

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT TAX FRAUD

Tax refunds newest target in ID thefts

By isaac wolf Scripps Howard News Service

hile waiting for your income tax refund this spring, beware that someone else may already have claimed it.
agency, which collects information for law-enforcement authorities around the nation. Whether this is because the incidence of the crime is decreasing, or because victims are too frustrated, confused or embarrassed to contact the FTC, is unclear. Striking an estimated 10 million Americans a year, ID theft has received volumes of attention in the last decade. When the spotlight is shined on a particular ID crime method, the number of related complaints typically drops. For instance, over the years, financial institutions intensified efforts to identify and resolve cases where credit cards are stolen and used to run up fraudulent
SPRING 2011 5

In one of the fastest-growing forms of identity theft, crooks are using a strangers Social Security number and other personal information to fool the Internal Revenue Service into diverting the persons rightful refund to the bad guys pockets, according to a Scripps Howard News Service investigation. The volume of tax- or wage-related identity theft complaints to the U.S. Federal Trade Commission more than tripled from 2005 to 2009, according to a Scripps analysis of more than 1.4 million ID theft records in the agencys Consumer Sentinel database. That comes despite a decline in the overall number of identity theft complaints to the federal watchdog

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT TAX FRAUD

bills. In turn, the FTC data shows an overall drop in The largest volume of complaints came from credit-card related identity theft complaints. residents of California (230,269), followed by Texas But they havent disappeared, as Naples, Fla. resi(144,272) and Florida (105,241). dent Gilbert Sherburne knows too well. In November, Steven Toporoff, an attorney in the FTCs division his credit card company, Bank of Amerof privacy and identity protection, said iD theft complaints the growing number of plundered tax ica, contacted him when someone tried Scripps Howard News Serto purchase a $984 airline ticket with the returns is of increasing interest to the vice analysis of 1.4 million 82-year-old mans card number. agency. The FTC is working with the complaints from January 2005 to March 2010: Meanwhile, other types of ID theft, IRS and other authorities to warn the including purloined tax refunds and uspublic about the threat and provide sugcomplaints California 230,269 ing a lifted identity to open new utility gestions for ways taxpayers can protect Texas 144,272 accounts, are growing. themselves. Florida 105,241 The Scripps review of the data, obAccording to the FTC data, 11,010 New York 97,701 tained by a Freedom of Information Act victims reported tax- or wage-related Illinois 59,564 request, shows: identity theft in 2005. Four years later, Pennsylvania 47,284 Georgia 46,969 ID theft complaints to the FTC that number rose to 33,774 victims. Arizona 45,888 declined 20.2 percent from 2008 to Toporoff noted that the complaints Michigan 38,289 2010. Agency officials say they cannot are reported by the public and are not Ohio 38,227 explain the decrease. vetted for accuracy. Source: U.S. Federal Trade Commission Despite the drop in overall comFor victims, the process of recoverplaints, however, there is evidence that ing from any type of ID crime can be ID theft is not actually slowing down. A 5,000-person arduous. nationwide phone survey by Javelin Strategy and ReIt was a nightmare, said Jeff Smith, 43, who search, a private firm based in Pleasanton, Calif., found works at Vintage Security, an alarm system company, that the crime jumped 12 percent in 2009. in the Baltimore suburb of Jessup, Md. Smith had a According to the FTC, complaints of a thief $6,000 tax refund that was swiped by a thief. Smith using a victims credit card dropped nearly 32 percent eventually received his tax refund, after eight months of from 2005 to 2009, the last year for which there was corresponding with the IRS and investigating the case full data. Some experts attribute this to the financial inon his own. dustrys success at thwarting fraud cases, while also proAfter learning that the thief cashed his tax refund viding full reimbursements to consumers. at a bank in Marietta, Ga., Smith worked with police Even so, the most common method of ID theft there to track down the culprit. Police determined that remains opening new credit-card accounts using anthe thief was part of a ring, but by the time authorities other persons name (13.2 percent of complaints). The conducted a raid, the suspects had fled. other most prevalent forms include using someone elses Smith found out his identity had been stolen in the Social Security number and other personal information spring of 2007, when he was asked to pay taxes on jobs to get a job (11.2 percent), and stealing anothers tax reflipping burgers at a Wendys restaurant and a car wash funds or salary (8.9 percent). in Marietta. Smith later found out his name had been

6 SPRING 2011

An impostor used Jeff Smiths information to skip the bill on medical care, taxes and utilities. Smith, an employee at Vintage Security in Jessup, M.D., also had an apartment taken out in his name.
SHNS photo by Jason Bartz

used to rent an apartment, take out utilities and to pay for stitches at a hospital in New York. Just how a thief lifted Smiths tax return is not known. But a common scheme involves falsely advertising a free tax preparation service. In one case, a crime ring from Belarus duped American taxpayers in 2006 and 2007 with a bogus tax filing service they claimed was backed by the IRS, according to the U.S. Department of Justice. Through this scheme, the criminals captured taxpayer information, then doctored it to claim larger tax returns. Finally, they submitted the phony tax returns to the IRS, and directed the cash to be sent to themselves. Another emerging and increasing criminal enterprise: Thieves using a strangers identity to start electric or gas service at the bad guys address. In 2005,

the FTC recorded 8,427 complaints for utility identity theft. By 2009, that number more than doubled to 19,934. The FTC records also reveal national hotspots for identity theft. Brownsville, Texas along the U.S.Mexico border contains the ZIP code with the highest volume of identity theft complaints. Police there declined to comment, but experts in Texas attribute the high volume to illegal immigrant and drug smuggling activity in the region. Another identity theft flashpoint is Brooklyn, N.Y. Six of the top 10 ZIP codes where victims suspect their assailants are based are located in that New York City borough. New York City police spokesman Sgt. Carlos Nieves said the department does not track identity theft by ZIP code, and it has no idea if Brooklyn is a hotbed for the crime.

For interactive map with breakdown of types of identity theft nationwide by ZIP code, go to: http://scrippsnews.com/content/map-identity-theft-complaints-zip-code
SPRING 2011 7

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT HOTSPOTS

Brownsville residents, identity thieves have your number

By isaac wolf Scripps Howard News Service

ant to lessen your odds of becoming a victim of identity theft? Dont move to Brownsville, Texas.
tity theft, said Paula Pierce, managing attorney at Austin, Texas-based Victims Initiative for Counseling, Advocacy and Restoration of the Southwest. Drug cartels use identity theft to get prescriptions for ingredients of methamphetamine, according to Pierce, who helps ID theft victims from across Texas, including Brownsville. They also use identity theft to launder money, by opening bank accounts in others names. Its along the corridor for transporting drugs from South America and Mexico up to the United States and Canada, Pierce said. So geography plays some role. Another factor is illegal immigration. Identity theft and illegal immigration are interwoven so bad, said Larry Wilson, director of Identity Theft Victims Support Group of North America. When you have one, youve got the other. So-called coyotes who smuggle illegal immigrants from Mexico into the United States have made a lucrative business selling stolen Social Security numbers to the aliens, Wilson said. That personal information is es-

More specifically, stay out of the citys 78521 ZIP code. That ZIP code has the dubious distinction of generating the most identity theft complaints over the last half decade, according to a Scripps Howard News Service analysis of more than 1.4 million reports made by consumers to the U.S. Federal Trade Commission. Residents from that ZIP code generated 1,513 complaints -- far more than the 922 complaints from the second-place ZIP code, 90044, near Inglewood, Calif. Another Brownsville ZIP code, 78520, ranks 12th nationally, with 813 consumer complaints. Also high on the list are ZIP codes in Texas towns near Brownsville, including Mission, Pharr and Weslaco. Brownsville, a bustling international seaport on the Gulf of Mexico with a population approaching 200,000, sits astride two crucial corridors of crime: the international drug superhighway and the path for illegal immigrants, according to experts. Youve got several different things that line up along the Texas-Mexico border that contribute to iden-

8 SPRING 2011

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT HOTSPOTS

Where the thieves are striking

ZIP codes with the most identity theft complaints, based on 1,375,487 victim complaints to the Federal Trade Commission from 2005 to early 2010 that include details on where the victim lives: 60617 Chicago 919 complaints

16% 14% 10% 10%

Tax or wage Employment New credit card Utilities

NY

3
IL CA
10456 Bronx, N.Y. 898 complaints

2
90044 Inglewood, Calif. 922 complaints 20% Employment 18% Tax or wage 9% New credit card

1,513 complaints
TX

78521 Brownsville, Texas

27% Tax or wage 12% Employment 12% New credit card

59% Employment 13% Tax or wage 6% New credit card

For interactive map with breakdown of types of identity theft nationwide by ZIP code, go to: http://scrippsnews.com/content/map-identity-theft-complaints-zip-code

Where theft suspects live

ZIP codes with the most suspected identity thieves, based on the 197,783 victim complaints to the Federal Trade Commission from 2005 to early 2010 that included details on the location of the suspected thief: complaints 11226 Brooklyn, N.Y. 381 11212 Brooklyn 342 90044 Los Angeles 276 10453 Bronx, N.Y. 273 10456 Bronx 248 11236 Brooklyn 247 11207 Brooklyn 246 11208 Brooklyn 244 11203 Brooklyn 240 75243 Dallas 231

Why they are taking your ID

Most common types of ID theft reported to FTC from January 2005 to March 2010:

New credit card

13.2%
185,287 complaints

Employment

11.2%
155,119 complaints

8.9%
125,230 complaints

Tax or wage

Existing credit card

7.7%

New utility account

4.6%

107,356 complaints

65,047 complaints

SPRING 2011 9

IDENTITY THEFT HOTSPOTS

sential for getting a job. Brownsville police declined an interview request. And its not an issue city residents want to discuss, either. Pierce, the victims advocate, contacted a dozen victims from the city, none of whom agreed to share their story publicly. I dont blame them, Pierce said. It is a crime that is so invasive. While victims are clustered in the Brownsville area, an epicenter for identity thieves appears to be 2,000 miles away in Brooklyn, N.Y. Six of the 10 ZIP codes most frequently listed as the location of the ID thief are in Brooklyn. Topping the list of locations is ZIP code 11226 (381 complaints), followed by ZIP code 11212 (342 complaints). Officials at the FTC note that all the complaints are selfreported and largely unverified. Of the more than 1.4 million consumer complaints to the FTC from January 2005 through March 2010, some 197,783 records or 14.1 percent included information on where the suspected thief was operating. Pierce and Wilson said that there is a connection between identity theft and international criminal operations, which frequently have outposts in New York. Frequently, fake e-mail phishing scams are based in Romania, the Dominican Republic and Russia. New York is headquarters for mafia groups, and there are international crime rings that operate massive identity theft and fraud scams in the United States, Pierce said. But Meg Garvin, executive director of the National Crime Law Victim Institute at Lewis & Clark Law School in Portland, Ore., is skeptical that victims know the true location of their predators. It is so difficult to unravel where the offender is, said Garvin, whose group investigates international ID theft and fraud schemes. Another possibility is that identity thieves may give victims false, New York-based addresses, according to New York City Police Department spokesman Sgt. Carlos Nieves. I have no idea why this is coming up, Nieves said, adding that New York City police do not track identity theft by ZIP code.

How to protect yourself

By isaac wolf Scripps Howard News Service

Each year, some 10 million Americans are victims of identity theft. Though the amount of damage can vary widely, the crime can haunt victims for years. But there are several steps consumers can take to protect themselves. All are based on the idea of being careful about your information. Here are tips on preventing or catching identity theft collected from federal officials, national experts, identity theft recovery services groups and victims.

Review monthly financial statements. Taking the time to look over monthly financial statements from credit cards, checking accounts or any other account can alert you to anything amiss. This could tip you off to identity theft long before an unpaid account hits your credit score.

check youR cRedit RepoRts eveRy yeaR. Under federal law, you are entitled each year to see your three credit files,

10 SPRING 2011

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT HOTSPOTS

which are held by credit bureaus Experian, TransUnion and Equifax. The free reports can be requested at www. annualcreditreport.com. Instead of checking all three reports at once, you can choose to access the reports individually every four months. That way you will cycle through all three reports over the course of the year. check youR eaRnings statements. If someone say, an illegal immigrant uses your name to get a job and report wages, it should appear in your annual earnings statement from the U.S. Social Security Administration. Reviewing this document can help red-flag labor-related ID theft.

Keep documents locked in a secure place. Dispose carefully of anything you dont need. Consider shredding waste. computeR secuRity. Strengthen your online passwords. Make sure your computers antivirus software is up to date. Be careful about online phishing, where a fraudster sends a legitimate looking email meant to steal access to your personal or financial records. Do not click on links in unfamiliar e-mails you get, spam in particular. Go to the website you know is the accurate one for the company.

Be waRy of tax-filing seRvices. Tax-refund identity theft is on the rise. Remember that the IRS does not initiate contact with taxpayers through e-mail. If you receive an email purportedly from the IRS or a company that says its endorsed by the IRS and it claims you have a refund waiting for you, it is probably a scam.

clean youR wallet. Try not to carry extra credit cards or other sensitive documents on a daily basis unless you really need them.

watch out foR scams. They can take many forms, especially by telephone, email or through classified listing sites like Craigslist. If an offer seems too good to be true, it probably is.

8 9

guaRd sensitive documents. Be mindful of documents that might be used to access a financial account or access to credit. Sensitive documents include credit card offers, Social Security information, drivers license information and medical information.

get a copy of youR health caRe file. In case you are ever the victim of medical identity theft i.e., someone gets medical attention in your name and on your dime you can use your real health care records to help prove that you are a victim.
SPRING 2011 11

For nearly five years, Joanna Saenz, of Denver, has tried to see the medical file created by an impostor at a Nebraska hospital. Saenz first learned of the medical ID theft when a credit check revealed that the Fremont Area Medical Center in Fremont, Neb., had billed her for a broken arm. At the time she had never been to Fremont. SHNS photo by Mark T. Osler

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT MEDICAL RECORDS

Doctors withhold records from victims of medical ID theft

By isaac wolf Scripps Howard News Service

ne patient nearly received a transfusion of the wrong kind of blood a life-threatening mix up. The cause? A bogus medical file that had been created by an identity thief.
reasons. Those could have been deadly, Ponemon said of the incidents. Affecting an estimated 1.5 million Americans overall, according to estimates from Ponemon, medical identity theft poses a threat beyond the headaches associated with fixing financial fraud: The crime alters your medical records and can compromise your care. Unlike financial ID theft which can be flagged through credit bureaus there is no central source for checking your medical records, according to the Federal Trade Commission, the federal consumer watchdog agency. Medical providers say that federal law hamstrings
SPRING 2011 13

The criminal used the victims name to obtain medical care. The criminals blood type was recorded in the victims medical records, leading to the almost-fatal mistake. It was a close call, said Larry Ponemon, a nationally recognized authority on identity fraud. Researching medical identity theft, Ponemon found that case and another instance where medical identity theft had placed a victims health in jeopardy. The second patient nearly got an inappropriate and unneeded procedure. Ponemon, chairman of the Traverse City, Mich.based Ponemon Institute, a think tank, declined to provide the individuals names, nor the name or location of the health care system with the bad records, for privacy

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT MEDICAL RECORDS

nomic recovery act may amplify the threat that inID theft victims from seeing files created in their name: correct records spread quickly and broadly, according Thats because medical records created for all patients to a government-commissioned report. including identity thieves who use your name are For nearly five years, Joanna Saenz, of Denver, has covered by privacy rules in the Health Insurance Portried to see the medical file created by an impostor at tability and Accountability Act (HIPAA), according a Nebraska hospital. Saenz first learned of the medical to Lawrence Hughes, assistant general counsel for the care when a credit check revealed that the hospital, the American Hospital Association, based in Washington, Fremont Area Medical Center in Fremont, Neb., had D.C. billed her for a broken arm. You must protect all persons information whether it is a real patient or a patient that has committed a case of identity theft, Hughes said. You must protect all persons For Americas victims of medical ID theft, information whether it is a real there is no system to identify and correct the patient or a patient that has damage left by an impostor. In fact, a Scripps committed a case of idenity theft. Howard News Service investigation finds: Medical providers are refusing to give ID Lawrence Hughes, American Hospital Association theft victims access to records, invoking the privacy rights of the thieves, according to victims, The suspected culprit was a woman who used experts and hospital officials. The only way for this to Saenzs identity for years, obtaining credit cards, a drivchange is for federal authorities to create explicit rules to ers license and other accounts, Saenz said. While living help medical ID theft victims, some say. out this elaborate lie, the thief needed medical attention Even when hospitals are alerted about erroneous for a broken arm and, later, a pregnancy, Saenz said. medical files, they have no systematic way to fix the reSaenz said she refuses to pay the impostors bills. cords, experts say. The hospital has no record of anyone trying to ac The move toward networked electronic medical cess Saenzs file, according to a spokeswoman there. records spurred by $19 billion from the 2009 eco-

Who is most at risk of ID theft?

Your risk of being a vicitim based on ... Gender
5.1% 4.8%

Over a two-year period from 2006 to 2008, 11.7 million Americans age 16 or older were victims of real or attempted ID theft.

age

6.0%

5.9%

5.1%

4.8%

3.7%

Female

Male

16-24

25-34

35-49

50-64

65 or older

14 SPRING 2011

Source: Victims of Identity Theft 2008, Office of Justice Programs, Bureau of Justice Statistics, U.S. Department of Justice, 2010.

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

A small sampling of the paperwork Joanna Saenz accumulated in trying to find Patricia Garcia-Pardo (top photo), who had been living and working in Nebraska under the false identity of Joanna Saenz. Saenz had her Social Security card and birth certificate stolen during a family visit in Juarez, Mexico in 2000.

Race

10.4%

Household income
7.0%

5.1%

4.1%

4.4%

5.0% 3.6%

4.9%

5.1%

White

Hispanic

Black

Other

Multiracial

Less than $25,000

$25,000 to $49,999

$50,000 to $74,999

$75,000 or more

SPRING 2011 15

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT MEDICAL RECORDS

Think youre a victim of ID theft, or ...

Take these steps recommended by federal authorities and private experts to determine if someone has used your name fraudulently and to correct your records. keep a complete copy of your medical records. If someone steals your medical identity, it helps to have an accurate, unaltered version. Request records from your doctor before your next visit. check your credit score from one of three credit bureaus: Experian, TransUnion and Equifax. If an ID thief got medical care in your name and didnt pay for it, the bill may show up on your credit report. Read statements from your health insurer. After processing a claim, an insurance company is supposed to send an explanation of benefits (EOB). If youre sent this document for medical care you did not receive, you might be an ID theft victim. contact your insurance provider to make sure it has your correct mailing address. Some ID thieves alter billing addresses to keep victims from realizing what is happening.

16 SPRING 2011

I am still trying to convince them to give me the records, said Saenz, 27. Saenz said she is staying away from the area about 30 miles from Omaha for fear that if she needs medical attention there, her records might be wrong. There are many ways criminals engage in medical ID theft. Common schemes include organized rings that defraud insurance companies and Medicare. One such ring, busted last October, stands accused of submitting false patient claims on thousands of Medicare beneficiaries to steal more than $163 million, according to the U.S. Department of Justice. The New York-based enterprise made money by using the identities of doctors and patients to submit false claims, according to an indictment. Methamphetamine abusers also steal identities to access prescription drugs or insurance payouts, according to the Justice Department. Thieves can gather medical information from a variety of places, including breaches from health care companies. In early March, California state authorities reported that Health Net Inc., an insurance company based in Woodland Hills, Calif., had lost personal information on 1.9 million current and past enrollees around the nation in January, and waited two months to make the breach public. The risk of inaccurate medical records is mushrooming. As the medical industry replaces paper files with linked, electronic databases, the potential harm from inaccurate patient information will cascade, ID theft experts and data security analysts warn. Thats because in the electronic world, incorrect medical records will have an ever-greater chance of making their way to the doctors seeing the identity victims. You have someone elses medical history entangled in your medical records, said Linda Foley, founder of the Identity Theft Resource Center in San Diego. Unaddressed medical identity theft can also take a financial toll. It can drag down a credit score and victims may have a harder time getting private insurance, experts said. Federal authorities have been alerted. Months before the

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT MEDICAL RECORDS

February 2009 recovery act set aside $19 billion for electronic health records, a report commissioned by the U.S. Department of Health and Human Services warned that the move to computerized medical files could spread false records quickly and broadly. Electronic record systems could move inaccurate files across countless systems, making it more difficult for victims to remove mistakes, consultancy Booz Allen Hamilton wrote in an Oct. 15, 2008 report. But even when ID theft victims determine which hospitals have the doctored records, they frequently cannot view the files, experts and ID theft victims said. When an identity theft victim asks to see records created by thieves, hospitals frequently deny them, citing HIPAA. The law safeguards medical patient privacy -- and hospitals have interpreted this to include ID thieves. Theres a very significant Catch-22 that has not been resolved here, said Pam Dixon, executive director of the World Privacy Forum, a San Diego-area nonprofit that works with identity theft victims. Both the U.S. Federal Trade Commission and Health and Human Services said that hospitals should give you access to the file created in your name. But those agencies acknowledge that medical providers sometimes deny ID theft victims access to the records. Rick Kam, whose company helps hospitals respond to data breaches, said he knows why hospitals are not providing access to the records: They fear legal liability under HIPAA, said Kam, president of Portland, Ore.-based ID Experts. Whats necessary is a new law creating a medical ID theft victims bill of rights, spelling out how a victim can access and correct the file and providing immunity for hospitals that do release the information, Kam said. Even when hospitals grant access to the tainted records, they are not necessarily doing a good job fixing them, Ponemon said. His research has found that medical institutions have no consistent system for correcting the mistakes. There is not a set of standard procedures that we observed, he said. You are relying on the judgment of individuals, and that is not a good thing.

... a victim of medical ID theft?

understand that there is no clearinghouse for medical records. In contrast, credit bureaus collect credit-account information and can provide a recovery roadmap for victims of financial ID theft. So, you might not find out about instances of medical ID theft until you receive a hospital bill or insurance claim for medical care. ask for copies of medical records and bills. Use these to identify inaccuracies. Be prepared to push. If a health care provider refuses to give you access to medical files created by an ID thief, citing federal health privacy law, appeal. Contact the providers patient representative or ombudsman. Request an accounting of privacy disclosures. This accounting will report how and with whom a medical provider has shared your information. It may indicate whether medical information has been released inappropriately. Ask the health provider for the date of the disclosure, who got the information and why. file a complaint. If you think your privacy rights have been violated, contact the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs. gov/ocr ; you can also file a complaint with the Federal Trade Commission at https:// www.ftccomplaintassistant.gov .
SPRING 2011 17

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT MEDICAL RECORDS

Medical ID theft victims need way to fix records, lawmaker says

By isaac wolf Scripps Howard News Service March 22, 2011

WASHINGTON A Catch-22 that keeps vicchairman of the Traverse City, Mich.-based Ponemon tims of medical identity theft from seeing and fixing Institute think tank. The crime can take many forms, false and potentially harmful health records creincluding fraudulent billing schemes, drug abusers who ated in their names needs to be fixed, according to the steal identities to access prescriptions and cash payouts, top Democrat on a House health subor simply individuals who need care committee. but do not want to pay. Rep. Frank Pallone, N.J., rankPallones office is researching the ing member of the House Energy and issue by working with hospitals in New Commerce Committees health subJersey and the American Hospital Ascommittee, said he is working to alter a sociation. New Jersey hospitals confederal law that hospitals have used to tacted by Pallones office said they are keep medical identity theft victims from concerned about medical identity theft accessing and correcting inaccurate files and aware of the access issues raised by left by impostors. the federal medical privacy rules. Hospital industry officials say fedHis office will also contact the U.S. eral privacy rules prevent them from Department of Health and Human Rep. Frank Pallone, D-N.J. allowing ID theft victims to obtain the Services, which oversees medical prirecords left by fraudsters. vacy rules laid out in the Health InsurPallone said he wants to make the change either by ance Portability and Accountability Act. clarifying federal rules or by passing a new law. The federal agency says hospitals should allow ID We need to have some regulatory change or legistheft victims to see and correct records. However, the lation ... that would give hospitals direction so patients agency acknowledges that medical providers refuse recould see the file and correct it, Pallone said. quests because of their strict interpretation of HIPAA. The lawmakers comments come in response to a But even when hospitals do grant victims access Scripps Howard News Service investigation published to the records, there is no standard for fixing the files, March 16, which found that victims of medical identity Ponemon and others told Scripps Howard. theft have no recourse for identifying and correcting the Pallone said he wants to fix this. damage left by ID thieves. There is a problem, and, many times, patients are Overall, medical identity theft affects 1.5 million not able to see the file, Pallone said. If they do see it, Americans, according to an estimate by Larry Ponemon, they want to be able to correct it.

18 SPRING 2011

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

Tax-refund ID thieves face crackdown on growing scams

By isaac wolf Scripps Howard News Service May 25, 2011

IDENTITY THEFT TAX FRAUD

WASHINGTON Congress wants to crack down on identity thieves who steal other peoples tax refunds by submitting false returns to the IRS. As reports of tax-related identity theft skyrocket, Sen. Bill Nelson, DFla., called on the IRS to tighten safeguards against the crime and better assist victims who must wait months -- sometimes years -- to get their rightful refunds after the scam is detected. At a hearing of the Senate Finance Subcommittee on Fiscal Responsibility, which he heads, Nelson said he wants to thwart the surge in the crime. In 2010, the IRS identified 248,357 stolen tax refund ID theft cases -- more than in the previous two years combined (220,789), according to the U.S. Government Accountability Office, the investigative arm of Congress. The widespread use of Social Security Numbers has made it easy for crooks to submit false tax returns and steal the refunds, Nelson said. The keys to the tax system have been copied many times over, he said. It should come as no surprise, then,

when our tax system is bombarded with sham tax returns. A Scripps Howard News Service investigation in February detailed how thieves -- under the radar screen of law enforcement or the IRS -- have flocked to the crime. Scripps reported that complaints to federal authorities of those ID crimes more than tripled from 2005 to 2009. The spike comes as other forms of ID theft have been declining, thanks in large part to vigilance by credit card companies. The IRS is tackling the growing volume of fake returns, and, as of May 12, had detected 145,537 bogus 2010 returns out of nearly 200,000 it had flagged for inquiry. But victims say their problems are compounded by how the IRS handles the cases. They say dealing with the IRS is confusing, and that the agency provides little help in untangling them from the mess and getting them their rightful refunds. The IRS continues to treat me as if I am the one to blame, said Sharon Hawa of New York, who has lost her refund to a crook twice. After Hawa learned in early 2009 that her tax return had been rejected -- someone had already filed a 2008

return in her name -- it took the IRS 16 months to issue Hawas rightful $6,604 federal refund. This year, Hawa lost her 2010 federal and state refunds totaling $6,335 to ID thieves. Unfortunately, the IRS seemed more disorganized this year than the first year it happened to me, she said. Hawa is still waiting for her 2010 federal refund. The IRS contends it is vigilant, and detects -- and prevents -- more fraud than not. Beth Tucker, IRS deputy commissioner, said at the hearing that the IRS has kept $929 million in tax refunds from going to ID thieves since 2009. Even so, she said the IRS estimates it pays out $15 million each year into the hands of ID thieves. But National Taxpayer Advocate Nina Olson -- head of the independent IRS consumer watchdog office -cast doubt on the IRS figures, saying that there are no accurate estimates for how much the crime costs taxpayers. They dont believe their own numbers, she said. Olsons office, which helps the public deal with the IRS, has received 60 percent more ID theft cases this year than in the same period in 2010.

SPRING 2011 19

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

KSHB KANSAS CITY, MO.

Making news around America

WXYZ DETROIT

IDENTITY THEFT

WEWS CLEVELAND

KNXV PHOENIX

ABC WORLD NEWS WITH DIANE SAWYER

ABCNEWS.COM

20 SPRING 2011

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT IDENTITY THEFT

STUART (FLA.) NEWS NEWS SENTINEL KNOXVILLE, TENN. NAPLES (FLA.) DAILY NEWS

CALLER-TIMES CORPUS CHRISTI, TEXAS

STANDARD-TIMES SAN ANGELO, TEXAS KITSAP SUN BREMERTON, WASH. COURIER & PRESS EVANSVILLE, IND.

TIMES RECORD NEWS WICHITA FALLS, TEXAS

SPRING 2011 21

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT THEFT

COURIER & PRESS EVANSVILLE, IND. INDEPENDENT-MAIL ANDERSON, S.C. THE COMMERCIAL APPEAL MEMPHIS, TENN.

NAPLES (FLA.) DAILY NEWS

WEWS CLEVELAND

PUERTO RICO DAILY SUN SAN JUAN, PUERTO RICO

STANDARD-TIMES SAN ANGELO, TEXAS

GLOBAL SECURITY WATCH

AMERICANS FOR LEGAL IMMIGRATION

22 SPRING 2011

SPRING 2011 22

SCRIPPS HOWARD NEWS SERVICE SPECIAL REPORT

IDENTITY THEFT MEDICAL RECORDS

Editorial

Medical ID theft is a growing problem

The theft of peoples identity to obtain medical care and prescriptions is a fast-growing and potentially deadly form of fraud. Medical records created or altered by a thief could result in the real patient receiving a transfusion of the wrong type of blood or being given medicine that causes a severe and life-threatening reaction. Estimates are that 1.5 million Americans are victims of this identity fraud, a tiny fraction of those receiving medical care. But experts interviewed by reporter Isaac Wolf of Scripps Howard News Service say that the problem could exponentially worsen as medical records become increasingly computerized and increasingly available online. That process will be greatly accelerated by $19 billion in the 2009 economic recovery act to encourage electronic medical records. A federal report at the time warned that this would allow false documents to spread quickly and broadly across medical databases. At the broadest level, the theft of doctor and patient records can be used to generate false Medicare claims, an alleged $163 million worth in the case of a New York-based ring busted last October. At the simplest level, one person steals another persons identity to receive medical care unwittingly paid for by the victims insurance company. The fraud can go unchecked for some time thanks to a frustrating Catch-22 under Health Insurance Portability and Accountability Act, a federal law that is basically a medical privacy act. Federal authorities say that patients are entitled access to medical records created in their name. But out of an abundance of caution and a fear of liability, many hospitals bar possible identify theft victims from access to their own records in order to protect the identify of the thief. This suggests possible areas for congressional action. HIPAA needs to be amended to protect hospitals legitimately trying to detect identity theft, and it needs a systematic way to identify and correct records compromised by fraud. Financial ID theft can be flagged and rectified through the three major credit bureaus and the Federal Trade Commission. Victims of medical ID theft likewise need a central place to turn to repair their records and even locate the thief. Financial ID theft can wreck your credit. Medical ID theft can wreck both your credit and your health.
DalE McfEaTTERs Scripps Howard News Service

SPRING 2011 23

Identity Theft
Editorial

Bad guys have their eyes on your tax refund

Right at the top of the Internal Revenue Service website the genuine IRS site, mind you is a heading asking the question every taxpayer wants to know, Wheres My Refund? Click on it and the very next sentence you see is: Dont fall for scams about your refund. IRS never initiates email, and it invites visitors to click on another site called, identify and report refund scams. The Treasury asks taxpayers to report any suspicious emails or websites purporting to be connected to the IRS to phishing@irs.gov. Phishing, as anyone unfortunate enough to be victimized knows, is a plausible-looking but still phony e-mail or website that elicits personal information for fraudulent purposes. And, as Isaac Wolf of Scripps Howard News Service reports, one of the fastest growing forms of identity theft is crooks using purloined Social Security numbers and personal information to divert tax refunds from the rightful recipients. The Federal Trade Commissions database reveals a tripling of tax- and wage-related ID thefts from 2005 to 2009. ID theft complaints tend to wax and wane as the authorities crack down on one sort of fraud, and it takes the crooks awhile to settle on another. The FTC data shows an overall drop in credit cardrelated complaints, but as weve seen, purloined tax refunds are way up, as are lifting identities to open new utility accounts. One of the clever wrinkles in diverting tax refunds is to gain the necessary taxpayer information by offering free tax-filing services. Those unfortunate people who took advantage of one such offer found their returns doctored to justify large refunds with the cash sent to the con artists. The service claimed to be approved by the IRS; in fact, it was based in Belarus in Eastern Europe. The IRS website offers two examples of phishing e-mails. One official looking form invites the taxpayers to apply, to access the form for your tax refund. It is scarily impressive but the IRS doesnt do business that way. The other form is written in that broken English weve come to know from the Nigerian scams. Either way, you cant be too careful, and remember, its your money.
DalE McfEaTTERs Scripps Howard News Service