Join 3,433 readers in helping fund MetaFilter (Hide)

Tags:

Received someone else's medical bill
May 24, 2010 10:19 AM   Subscribe

I received someone else's medical statement with lots of personal information to boot. What do I do next?

I have visited a psychotherapist on several occasions, whose office is part of a larger hospital that also handles the billing. I pay my therapist at the time of the visit, and the hospital later sends me a statement.

Yesterday, I received an envelope that was addressed to me, but inside was someone else’s statement!

The statement includes someone else’s entire list of visits since the beginning of the year, as well as their name, address, phone number, date of birth, and what looks like a social security number. (There is a field that is labeled “IRS #”, is the correct number of digits, and the first three digits match the SSN prefix range for a bordering state.)

Furthermore, I searched for the person’s name online, and someone with the same name, age, and town with a population of under 40,000 was arrested on burglary charges last year. My therapist specializes in substance abuse and addiction, though that is not why I go.

I’m obviously worried that this person or someone else received my statement with the same set of information that violates my privacy and opens me up to identity theft.

I’m already going to get in touch with a lawyer that specializes in HIPAA law. I’m going to be watching my credit report more closely now. I haven’t gotten in touch with the hospital or my therapist about it yet. Is there anything else I should be doing?

I live in New Jersey, as does the other patient. The hospital is located in New York.
posted by anonymous to Law & Government (7 answers total)
 
Register a complaint with the Joint Commission. Hospitals take their JCAHO accreditation very seriously.
posted by elsietheeel at 10:24 AM on May 24, 2010


What do I do next?

Sounds like you're on the right track w/r/t HIPAA-law attorney and watching your stuff closely. You should also contact your medical insurance company and explain to them what happened.

Oh, and one more last thing...

Furthermore, I searched for the person’s name online, and someone with the same name, age, and town with a population of under 40,000 was arrested on burglary charges last year.

Never again admit to anyone that you did that. Why? Because it is conspiracy to commit identity fraud. You have absolutely no reason to need or seek out this information. If your lawyer needs it, he will subpoena it from the hospital.
posted by griphus at 10:25 AM on May 24, 2010 [1 favorite]


Return the errant statement. Ask your therapist about the other statement and have him contact the other patient. Get a credit report and watch service.
posted by caddis at 10:29 AM on May 24, 2010


If you are paying via any insurer, complain to them. They will have a set process for investigating HIPAA violations.

The biggest concern to me is that whoever's doing the billing is possibly including the SS# of the patient--this is unnecessary and most insurers generate a unique number for their members, and never use the SS# as an identifier, because what happened to you is bound to happen eventually.

In general, it seems that the billing people are putting far too much info on their statements, period; no need to put a phone number on there, for example. Bad practice all around.

You could verify whether SS# is being used by looking at your own old statements. Is your SS# on those?
posted by emjaybee at 10:36 AM on May 24, 2010


From what you described you appear to have poured over this data pretty heavily, to the point of Googling the name the statement was for.

Someone else's statement got put in your envelope. That's bad, and absolutely worth a complaint, and to have the credit agencies put an alert on your file/s. It is a bad mistake on the hospital's part, one that frighteningly does get made from time to time.

But, (and I say this as kindly as I can say such a thing), you should have dead-stopped once you realized it was someone else's data. Should have put it in another envelope and sealed it up, then figured out what to do. In my opinion, and it is only my opinion, your actions where nearly as bad as the hospitals, especially because they where intentional.
posted by edgeways at 10:39 AM on May 24, 2010 [5 favorites]


Furthermore, I searched for the person’s name online, and someone with the same name, age, and town with a population of under 40,000 was arrested on burglary charges last year.

You should have called your therapist and put it back in the mail immediately. You should definitely register a complaint and demand your therapist delete your SSN from all of her records.
posted by anniecat at 10:56 AM on May 24, 2010


I had this happen, except by fax, a couple of years ago; the provider blew me off with "oh, it must have been a mistake with the fax machine. No big deal." I filed a HIPAA complaint with the Department of Health & Human Services (http://www.hhs.gov/ocr/privacy/hipaa/complaints/); eight months later, the provider had been fined and required to make some major changes to their procedures.
posted by Parade of Horribles at 2:24 PM on May 24, 2010


« Older My husband has Asperger's Synd...   |  Starting self-destruction youn... Newer »
This thread is closed to new comments.