Using social media to catch workers’ comp cheats & other infringements on your “privacy”

documents22“Dear xxxx,

I think you should have a look at the Injured workers support network website comments pages. It appears your patient XXX has been bad mouthing you on it”

This is an extract from an email we received from one of our members last year. which we dealt with by referring onto the regulator for breaches by the insurer.

There was only one way the insurer could have known it was xxx who had made a comment on our website. They had to have hacked into our system and looked up the members account. Member xxx never made disparaging comments about doctor xxx -ever. so it was fairly easy for us to tell how case manager xxx could have go the information that member xxx had even ever made a comment on our website. They either hacked into our computer system, or they made the whole thing up.

Our website has as much protection as we can afford to give it and we always encourage people to not include personal information on their posts if they can help it. – and we will be reporting any potential hacking to the police now we have the capacity to compare and track an IP address.

But there are numerous ways in which insurers, investigators and employers can spy on your online presence without going to the seemingly long attempts that insurer did. And numerous ways you can stop them.

Make surer you Facebook, google+, or any other social media page is set to the highest privacy settings available.

If your Facebook page is not set to the top privacy available anyone can read your posts or see your pictures. A Facebook search or even just a google search on your name will generally let someone view your Facebook page and there is no crime committed in do in that. If it’s not set to private- its available to all.

Make sure you only “friend” people you personally know.

It sounds harsh but we have known investigators to post as a friend of a friend (not only investigators but charlatans as well) and come in that way.

Think before you post.

If you are putting up a historic picture of you surfing make sure you get the right date on it (i.e before your accident) so people don’t get the wrong idea. -but don’t lie either if you are surfing while telling the insurer that you have no capacity to surf then you should change your assertion that you have no capacity to surf.

Don’t be manipulated into giving out your passwords.

Attempts to gain my password for our website happen to me quite a bit (last year we had 200 attacks on my account) they usually go “dear Rowin, we have noticed a problem with your wordpress site and need to fix it, to ensure your privacy confirm you user name and password in your reply to this email and we will fix it for you.” – it’s never going to work- mostly because if there ever was a problem with the website that needed fixing the guy who would do it would be visiting my office but also because I am never going to give out a password over an email system.

This type of attack is called social engineering and I think I might do another story on it later.

Think before you write.

In the beginning and the end confidentiality rests with you, if you say something on a news page as a comment someone will be able to trace that back to you. its sad I know but what you say on public forums is public. There are levels though, writing “I am having a good day” is not the same as saying “just hoodwinked the doctor into giving me a L5 & L6 spinal injury – now going to climb Kosiosko.”

Why should you limit what you write though? I know the argument for free speech, and I’m not going to us a “but” on that. If your injury is real (and 99.08% are proven real according to workcover), if your injury is not exaggerated (and 97.5% aren’t according to the self insurers) then you shouldn’t have a problem.  The example I used at the beginning wasn’t made up- in any area of the members injury or in what they had written down, the comments attributed to the member weren’t extreme in any way. The anxiety and problems the case manager made for our member were serious and extreme- avoidance is better than cure in this case (though I doubt our member could have avoided this particular case managers actions).

The unfortunate fact is: investigators and case managers will try every legal means possible to find out whether they can deny your claim. Your online presence is just another avenue for them to do this snooping. It only becomes illegal if you have taken steps (such as activating full privacy) and they have to do more than look up your name.

So the takeaway message from this is.

  1. Insurers and investigators do try to look up your online presence to do their snooping.
  2. Make it harder for them by using a high level privacy settings on your online presence.
  3. If they still do it after that- report it to the police- because they have just crossed the line.