The soaring cost of health care is spawning a new crime: medical identity theft, in which someone uses your insurance information and health records to obtain medication or even surgery. It happens to 250,000 people each year, says the World Privacy Forum. To protect yourself, the WPF recommends that you: 1) closely review all "explanation of benefits" letters from your health insurer, 2) annually request a list of benefits paid by your insurer in your name (sometimes thieves alter billing info), and 3) check your medical file every time you visit the doctor.Google, Microsoft, and dozens of other companies will also store your personal health records (PHRs) online. While there are advantages to having a complete medical history in one convenient location, some companies have "de-identified" these records and sold them to marketers. Pam Dixon, executive director of the WPF, does not generally recommend PHRs that are not maintained by health care providers. She stresses looking for a service that is "HIPAA covered" rather than "HIPAA compliant" in order to retain confidentiality. Look for that exact wording in the privacy statement. (Electronic health records, or EHRs, are maintained exclusively by health care providers.)
To tell the truth, I hardly check any of the 3 steps mentioned above. In other words, I really don't know if someone else misuses my medical insurance.
More info: here
(Note: For those who are not familiar with medical insurance (for example, in Sri Lanka it is not required to have such insurance), some countries such as USA, require you to possess a valid medical insurance if you are under a certain visa status. It is just like automobile insurance.)