How doctors can protect themselves from identity theft

By Naveed Saleh, MD, MS
Published November 30, 2021

Key Takeaways

Busy physicians have a lot on their plates, and plenty to worry about. Unfortunately, identity theft should also be on their radar.

In general, identity thieves target high earners. High earners tend to have a bigger digital footprint and spread their discretionary income among a wide variety of retailers and service providers. Those in higher income brackets also typically use many credit cards, which can also raise the risk of identity theft.

Let’s take a closer look at what you can do to keep your identity safe, including how to protect yourself if you are a Medicare provider. 

Steps you can take

According to identity protection sources, including the cybersecurity-software maker NortonLifeLock Inc. and, there are ways to keep your identity safe, such as: 

  • Create a strong, unique password.

  • Consider answering security questions falsely (eg, “hummingbird” when prompted for your mother’s maiden name).

  • Enable dual-factor authentication.

  • Keep close tabs on your Social Security number and always find out where and why it is being used.

  • Separate personal and professional social media accounts, and make sure that your personal information is shared only with family and close friends.

  • Beware of friend requests or invitations on social media from people you don’t know.

  • Avoid buying items from online retailers that you don’t know.

  • Don’t buy things based on unsolicited phone calls or emails, which could be phishing for your info.

  • Don’t give out your birth date or bank account number unless absolutely necessary.

  • Don’t leave mail in the mailbox for days on end.

  • Have the postal service hold your mail when you are away.

  • Activate the security features on your smartphone.

  • Closely review your credit card statements and check against receipts.

  • Use a virtual private network (VPN) when using public wi-fi.

  • Keep your firewall and security settings current.

  • Use cybersecurity software on your devices.

  • Check your credit reports periodically to determine whether any unauthorized accounts have been opened.

  • Store all your personal documents in a safe place that isn’t accessible to others.

  • Shred old credit cards, credit card statements, receipts, and so forth to keep them safe from people rummaging through trash cans or dumpsters.

  • Check your bank account statements for unauthorized transactions.

Medicare fraud and identity theft

As a Medicare provider, imagine receiving demand letters to claw back overpayments or receiving a 1099 for funds that you were never paid. In addition to causing a headache, these scenarios likely represent identity theft, with bad actors using this information to bill Medicare for services that were not provided or that were unnecessary. Unfortunately, Medicare providers could be on the hook for these false charges.

The CMS Center for Program Integrity (CPI) is a resource for recourse and resolution for physicians who had their identities lifted and who face financial liabilities. 

If you think that you’ve been a victim of Medicare identity theft in the form of overpayments or debts, do the following, per CPI:

  1. Get in touch with your Unified Program Integrity Contractor (UPIC), which acts as the investigator in these situations. Tell them about any strange activity, including claims from beneficiaries (ie, patients) who were never treated but who have your information on their Medicare Summary Notice (MSN).

  2. Contact your Medicare Administrative Contractor (MAC) and ask about any changes to your Medicare enrollment and determine whether you made these changes.

  3. Answer all inquiries from the UPIC. The UPIC will ask to interview you. After verifying their credentials, do the interview.

  4. Let the police know that your ID has been stolen.

Retired providers and Medicare identity theft

Retired Medicare providers are at special risk for identity theft. This crime takes the form of a deduction from Social Security checks. The deduction will be listed as Medicare debts referred to the Treasury Department from the MAC due to overpayments. 

According to CPI, if you aren’t planning on tendering claims to Medicare, notify your MAC and terminate your Medicare enrollment as a means of protecting yourself from identity theft.

Bottom line

As a physician, you are prone to identity theft. Of high concern is theft of your identity as a Medicare provider, which can result in overpayments you never receive but are on the hook for if not resolved with CMS. Fortunately, there are steps that you can take to protect your identity.

Click here to learn more about how to protect yourself from hackers. 

Share with emailShare to FacebookShare to LinkedInShare to Twitter