decorative blue line
increase size of text decrease size of text
Can Medical Identity Theft Impact Your MIB Underwriting Services Consumer File?

The notion of identity theft makes most people think of financial identity theft—stolen credit cards and bills for goods purchased by an identity thief. For instance, an unfamiliar purchase on your credit card statement or credit report could be the first sign that your financial identity has been compromised. Identity thieves impersonate you to steal money, goods or services in your name. They may use your credentials to withdraw cash on your debit card or to fraudulently open new credit accounts.

Thieves use various methods to obtain your personal information. They could purposely bump into you to snatch your wallet or simply steal the contents of your mailbox. You could also get victimized by a crime ring running a complex scheme, such as online phishing, where you are tricked by imposter e-mails or websites into providing account information. In recent years, there have been numerous high profile security breaches of retailers. In those cases, criminals have accessed and then stolen credit card account information for millions of the retailers' customers. No matter how it occurs, your stolen identity will catch you off-guard, especially when a creditor denies your credit request or calls about unpaid bills. In the end, you may be left with a cloud over your credit history and bills incurred by your imposter.

In addition to the theft of an individual's financial identity, there are sometimes implications for the "medical identities" of victims as well. Medical identity theft might involve an instance where a thief steals a victim's health plan member identification card and uses that information to obtain prescription drugs or medical services. In addition to running up your medical bills, medical identity theft could also jeopardize your health and well-being if a thief obtains treatment under your name and erroneous data is added to your medical records. This would likely only happen if the imposter received services from one of your own healthcare providers. An emergency room physician could subsequently review your corrupted medical file and provide or prescribe you inappropriate treatment based on the imposter's medical make-up. Accordingly, it is very important for consumers to be aware of medical identity theft and the ways to prevent it.

Medical Identity Theft: The Absence of Impact on MIB

As a membership corporation of insurance companies that maintains a confidential database of individually identifiable information significant to underwriting applications for life and health insurance, MIB Group, Inc. ("MIB") is concerned about the problem of identity theft.

MIB is the largest, most successful cooperative effort in North America to detect and deter errors, omissions and misrepresentations made on insurance applications. It operates the flagship MIB Checking Service, a shared, confidential, industry-wide database used in the individual underwriting of policies for life, health, disability income, critical illness and long-term care insurance. Its mission is to detect misrepresentations and potential fraud on applications for insurance and to prevent anti-selection, thereby helping to keep insurance premiums affordable for all consumers. MIB's business model involves the authorized collection of underwriting information in coded form from its members, the secure maintenance of that coded information, and the authorized dissemination of it to MIB members. For additional information, please refer to "About MIB" on this website.

Commentators have inappropriately recommended that consumers should contact MIB to review their "healthcare" records for evidence of identity theft. Fortunately, however, a criminal who is predisposed to steal your medical identity would have little interest in pilfering your MIB Underwriting Services Consumer File. That is because MIB Underwriting Services Consumer Files do not contain health plan member identification numbers—the precious piece of data that would be needed by a medical identity thief to use your health plan coverage.

Furthermore, MIB only receives very limited data in coded form from member insurers, and does not receive the actual or complete details about an applicant's medical conditions. In other words, information about a consumer's medical or other conditions (typically hazardous avocations or adverse driving records) is translated into MIB's codes. These codes can be thought of as an "early" form of encryption that is both highly confidential and proprietary to MIB. Therefore, this information, even if it were decoded, could not lead to identity theft or financial fraud.

Many consumers do not even have an MIB Underwriting Services Consumer File because MIB receives and shares information solely from and with a member insurer, and only when a consumer applies for insurance with an MIB member and consents to this exchange. Therefore, consumers will not have an MIB Underwriting Services Consumer File if they have not applied for individually underwritten life, health, disability income, long-term care or critical illness insurance with a member insurer within the past 7 years or earlier depending on applicable law.

Accordingly, while an identity thief could certainly accumulate medical bills for uncovered services or co-pays in your name and thereby hurt your credit, MIB does not have any knowledge that its confidential and secure consumer database has ever been corrupted by medical identity theft. We are also unaware of any situation where a consumer's MIB Underwriting Services Consumer File was inaccurate as a result of medical identity theft.

Maintaining Accurate MIB Records

MIB and its members are fully committed to maintaining accurate and confidential records in its database. To maintain accurate records, MIB and its members operate in conformity with MIB's longstanding General Rules and the federal Fair Credit Reporting Act ("FCRA"). Under the General Rules, each member insurer is obligated to promptly cancel, correct or supplement any codes reported to MIB when it discovers or otherwise receives information indicating that such report was inaccurate or incomplete. MIB also has a robust data quality program, and regularly audits members to ensure the quality of the consumer data reported to MIB. Further, each member insurer signs an annual pledge to warrant that it has "an adequate system for the complete, accurate and timely reporting of information to MIB using MIB's proprietary codes."

In compliance with federal regulation, MIB has policies for assisting identity theft victims, should the need arise. Under the Fair and Accurate Credit Transaction Act of 2003 ("FACTA"), which amended the FCRA, the principle obligation of a nationwide specialty consumer reporting agency like MIB is to block the reporting of any information in a Consumer File that the consumer identifies as data resulting from an alleged identity theft. To comply with FACTA, MIB's Internal Procedural Rules acknowledge that a block may be imposed on a consumer's file at the consumer's request once four statutory requirements are met. Since FACTA became effective on December 1, 2004, MIB has not received any legally appropriate request to block a Consumer File in the MIB database.

If you recently applied for insurance with an MIB member company, you can easily check to see whether the company (or any other company to which you earlier applied for insurance within the past seven years) accurately reported information about you by getting a free copy of your MIB Underwriting Services Consumer File ("Disclosure"). MIB is required to provide, upon request, free Disclosure of your MIB Underwriting Services Consumer File (if any) in a 12-month period, provided that you use MIB's "streamlined" process. Please visit for more information.

When MIB provides consumers with their free annual Disclosure, we advise consumers of their right to question the accuracy of the information in their MIB Underwriting Services Consumer File, and to seek a correction of it by writing to MIB and following the procedures set forth in FCRA. When consumers dispute the accuracy of any item in their MIB Underwriting Services Consumer File, MIB will contact the reporting member insurer, which will then conduct an investigation to determine the accuracy and completeness of the disputed information. Ultimately, the goal of the investigation is to help ensure that consumer information is accurate and complete. For more information, please visit How to Dispute Your MIB Underwriting Services Consumer File.

Vigilance Prevents Victimization

In the event that you discover inaccuracies in your credit report or medical records, you can correct such inaccuracies by working with the creditors, healthcare providers and insurers that create and maintain those records. However, it is prudent to take preventive measures that should decrease the chance that you will get victimized in the first place:

  • Safeguard your health plan membership card like it is a credit card.

  • Insist that your healthcare providers check your ID when they request your health plan card and request they do the same for all their patients. By verifying your credentials, healthcare providers can ensure that imposters are not able to seek treatment, buy prescription drugs, or make false claims for medical services using your benefits.

  • Monitor inaccuracies in your "Explanation of Benefits" statements from your health plan and report any discrepancies.

  • Beware of "free" services, especially if you are asked to provide your insurance ID number.

  • Regularly review your medical records to ensure accurate treatment data, and pay close attention when a healthcare provider reviews your medical history with you.

  • Acquire free annual credit reports to check for fraudulent medical debts and other inaccuracies.

Victims of Identity Theft

If you are victimized by a financial identity thief, you should gather information about the crime, file a report with the local police department and cancel your compromised accounts. You should also contact the major credit bureaus (Experian, TransUnion and Equifax) to report the crime and provide copies of the police report. You could also request that fraud alerts be placed on your credit files. You need only contact one of the three credit agencies because each is required by law to inform the others about the fraud alert. The initial fraud alert lasts for 90 days and can be indefinitely renewed. It notifies would-be creditors to use caution and due diligence if anyone tries to obtain credit in your name. The Federal Trade Commission has published a helpful guide for identity theft victims entitled, Take Charge: Fighting Back Against Identity Theft.

Similar to financial identity theft, cleaning up a medical identity crime is complicated and time-consuming. You should immediately notify your health insurer, file a police report and, as appropriate, send copies of the police report along with a letter to inform insurers, healthcare providers and credit bureaus. Ultimately, you should have any errors in your various medical records corrected.