That's because medical records contain your financial and insurance information. So an enterprising fraudster with a "full" can drain your bank account and run up credit cards while filling fraudulent prescriptions and getting a facelift. That's why "fulls" sell for $50 and Social Security numbers go for a dollar or two on scammers' websites (yes, they have websites) and the black market, Kirchheimer said.
With the act about to expand coverage to millions, the two biggest scams now circulating, he said, are people selling fake insurance and posing as a government employee.
The fake-insurance deception is usually done on the phone. The thief calls to sell you health insurance on the online marketplace at a discount. All he needs is your bank account number to set up direct withdrawal. Of course, you can't buy any insurance on the marketplace until it opens Oct. 1.
But it sounds legitimate because agents and brokers are allowed to assist people in enrolling for coverage. Legitimate agents or brokers will identify themselves and acknowledge any link to an insurer. Agents and brokers don't have to show clients the full range of insurance available, but they must tell people about the online exchange.
Crooks are making calls and even going door to door, posing as government employees for agencies such as the Department of Health and Human Services and Medicare. The marks - that would be you - are told they are among an initial group of Americans selected to receive the new ACA insurance card. To get it, all you must do is provide your Social Security and bank account numbers. The caller may also ask for a Medicare number, which is the same as your Social Security number.
The ACA does not require an identification card.
"We are going to warn people," said Laura Line, corporate assistant director for health care at RHD, a Philadelphia nonprofit that works with many uninsured clients. "You don't take cold calls and give people your personal information. That is not how we operate."
Online, scammers are setting another kind of trap: look-alike websites. Thieves are buying similar-sounding domain names and designing sites that look official. They often contain links that, if clicked on, install malware on your computer, giving scammers access to your information.
The federal government has only one official health-care website: healthcare.gov.
"Sometimes scammers use dot org, dot com, or dot net," Kirchheimer said. "Those are the telltale signs of a scam. If it's a state agency, it will have a dot gov URL."
But not always. In Pennsylvania, where the federal government is running the exchange, the official health-care website is a dot com.
"We used dot com because research actually showed that sometimes people don't trust government websites and don't want to use a government website," said Melissa Fox, spokeswoman for the Pennsylvania Insurance Department. "We used dot com because it shows that it is an unbiased source of information."
The state recently had to ask a Willow Grove insurance broker to take down his dot com website because it bore the commonwealth's seal. Fox said officials don't believe it was a scam.
What scam is next? Kirchheimer said to expect robocalls, like the recorded pleas politicians use around election time. Only this time, the message will puportedly be from Medicare, the Social Security Administration, or HHS, urging you to dial a number to confirm that you are enrolled in health insurance.
"People really need to know that the government never asks you to confirm your information," Kirchheimer said. "The government doesn't call. If they have an issue, they will send you a mailed letter."
Contact Robert Calandra at 215-836-0101 or R.firstname.lastname@example.org. This article was produced in partnership with Kaiser Health News, an editorially independent program of the Henry J. Kaiser Family Foundation, a nonprofit, nonpartisan health-policy research and communication organization not affiliated with Kaiser Permanente.