HHS: Privacy laws don't bar fraud victims from seeing thieves' medical data

People who have their identities stolen have the right to review and correct their own medical records--including taking a look at medical records of the thieves themselves, the Obama administration has said.

Some victims of medical identity theft have been thwarted in their efforts to make corrections to their own records because the thieves' medical data, which is now folded into theirs, is protected by federal privacy law, according to a story in The Wall Street Journal.

The administration outlined the policy in a letter to the Senate Health, Education, Labor and Pensions Committee (HELP). Republican members of the committee have criticized the president as not doing enough to protect consumers.

The committee is looking at ways to "ensure the administration starts taking these threats more seriously," an aide told the WSJ.

In one case of medical identity theft previously reported in the WSJ, Shanee Halberd sought help from a data security firm after finding out her Social Security number had been used by someone for treatment at WellStar Cobb Hospital, near her home in Kennesaw, Georgia. Although her bill for the service was waived, privacy laws prevented her from determining how the fraud occurred in the first place.

Four senators from the HELP committee in November asked the Department of Health and Human Services what it's doing to prevent data breaches that can lead to medical identity theft.

The Senate Committee on Aging heard expert testimony in October on the identity theft risks among Medicare beneficiaries.

To learn more:
- here's the WSJ story