Posted on August 31st, 2012 No comments
The sooner medical identity theft is discovered, the more likely damage can be minimized. Physicians, patients, insurers and the government all can help detect it.
When Anne Peters, MD, a Los Angeles-based internist, started receiving phone calls in 2006 from patients who were not hers about medical procedures she didn’t perform or even offer at her practice, she figured out pretty quickly that she had become a victim of medical identity theft.
When Dr. Peters sought advice on how to resolve the situation, she not only came up empty-handed, but she soon started feeling like a criminal herself. She was visited by federal agents, she received notices from the Internal Revenue Service regarding back taxes on $750,000 she never earned, and she was even detained once at the airport for more than an hour when she returned from a trip abroad. Meanwhile, Medicare stopped sending her payments for legitimate claims.
The worst part, she said, was that she couldn’t find anyone to help her figure out what went wrong or how to resolve it. What went wrong was that a sophisticated international crime ring had stolen her medical credentials, set up shop under her name and was illegally bilking Medicare out of hundreds of thousands of dollars.
Six years and countless headaches later, Dr. Peters finally got her name cleared. Because of her experience, Dr. Peters is in demand as a speaker on medical identity theft and helps raise awareness among her colleagues and among federal agents, who have developed programs to help physicians in similar situations.
Medical identity theft is very much on the radar of Medicare and other agencies responsible for investigating identity theft. In recent years, it has become the fastest-growing type of identity theft in the world, according to reports. An estimated 2 million people become victims of identity theft each year. And more than 5,300 physicians have listed themselves in a federal database that tracks medical identity theft. For physicians, the threat is a double whammy.
Only half of U.S. adults have reviewed their medical records, and few have checked for fraud in their record.
There are two types of medical ID theft: the kind that involves a patient’s identity being compromised; and the kind that involves the physician’s professional identifiers being stolen. Both could bring professional or financial harm to physicians.
Problems for physicians could go way beyond the threat of spending more than a year and many thousands of dollars clearing their names when their professional identities are compromised. (A February survey by Ponemon Institute, which studies computer security and identity theft issues, estimates that identity theft victims spend more than $22,000 clearing their names.)
Physicians also face repercussions when their patients’ identities are stolen. Patients report losing trust in their physicians after a medical ID theft has occurred. There is also the potential for medical errors and bad outcomes caused by two patients using the same identity. Physicians also potentially could be subjected to violations of the Health Insurance Portability and Accountability Act if they did not adequately protect the data from being stolen.
Identifying cases of medical ID theft early can help lessen the damage. And it’s easier than one might think to detect it. Many times, the clues are not well-hidden — it’s just that neither physician practices nor patients are connecting the dots.
Physician practices can work with patients, payers, employees and others to help prevent and detect medical ID theft. The biggest key to detection is education, said Shantanu Agrawal, MD, who serves as medical director for the Center for Program Integrity at the Centers for Medicare & Medicaid Services. Many people don’t even know what medical ID theft is, so educating patients on the problem and how to detect it is well worth a physician’s time, he said.
Warning signs for physicians
Dr. Peters’ story was highlighted in a Feb. 1 article in The Journal of the American Medical Association, by Dr. Agrawal and Peter Budetti, MD, JD, that was meant to educate physicians. Dr. Budetti is CMS deputy administrator and director of the agency’s Center for Program Integrity.
Dr. Agrawal said that when physicians receive calls such as the ones Dr. Peters received from patients she knew she never treated, that should be an immediate warning sign.
More than 5,300 physicians have listed themselves in a federal database that tracks medical identity theft.
In addition to educating patients on the importance of reviewing Medicare summary notices and the explanation of benefits documents sent by private insurers, physicians also should review their own Medicare remittance notices to look for services they never performed, or payments they never received. Names that don’t look familiar can be signs that someone is practicing in his or her name, and Medicare should be contacted immediately.
Physicians also can do routine checks of Medicare’s Provider Enrollment, Chain and Ownership System. This will list the practices associated with a physician’s name. If a practice has been set up using the physician’s Medicare identifier, it will show up on that list.
Jeremy Miller, a director at Kroll Advisory Solutions, a security response and mitigation firm, said other warning signs include mailings or phone calls that make reference to corporation filings or businesses under a different name than the actual practice. Other clues are credit reports that show accounts a physician doesn’t recognize.
“Don’t just assume it’s a mistake,” Miller said. “The earlier you capture those kinds of things, the easier it is to get it untangled.”
Physicians also should be aware that many thefts start with employees in the practice, said Bill Fox, senior director of the health care division at LexisNexis Risk Solutions. Some employees have access to passwords or identifiers that could be used to establish a fraudulent practice in the physician’s name. And they have the ability to intercept evidence that the fraud is occurring.
Risks for patients
Even though a large percentage of medical ID thefts that involve a patient using someone else’s insurance credentials to receive care are “Robin Hood” crimes involving willing victims, the consequences still could be devastating to both patients and physicians.
Patients run the risk of receiving improper medical treatment because of someone else’s information being in the medical record and used by physicians to make a treatment decision. And physicians who miss obvious signs that a patient is not who the medical record indicates could be held liable for any harm that was done because of the oversight, said Larry Ponemon, PhD, chair and founder of the Ponemon Institute.
Medical identify theft has become the fastest-growing type of identity theft in the world.
Just as EOB documents are a good way to detect physician medical ID theft, they are also a good way for patients to see whether someone is receiving services using their insurance benefits. But many patients toss these notices aside.
A survey by Harris Interactive conducted on behalf of Nationwide Insurance found that only half of U.S. adults have reviewed their medical records, and only 24% have ever checked for fraud within their records.
It’s well worth a physician’s time to educate patients on the importance of the EOB or Medicare summary notices and how to read them, Dr. Agrawal said.
Practice employees also are a good resource, as they are on the front lines, processing the paperwork of patients who may not be who they say they are. A checklist of things the front desk and physicians can do to thwart identity theft:
- Ask for two pieces of identification. Jorge Rey, information security and compliance director for Kaufman Rossin & Co., an accounting firm in South Florida, said this simple request can be an easy way to sniff out criminals. If the patient has an insurance card but no photo ID, or if a second piece of identification is handed over and it looks fake, or the description doesn’t match the person, consider these as warning signs.
- Ask for a referral source. Rey said simply asking new patients how they heard of the practice can prove beneficial. New patients are generally there because they were referred by another doctor or by a friend. Those referrals, especially ones from other doctors, can be used to establish the person’s identity, if needed.
- Look for inconsistencies in the record. The advancement of health information exchanges will make these crimes harder to pull off, because physicians won’t need prior relationships with patients to know something about them. Having access to patient records from another facility can help physicians identify discrepancies such as dramatic changes in weight or height.
What to do if you suspect something
The first thing physicians should do about potential medical ID theft is to heed the warning signs. If physicians or patients suspect fraud, Dr. Agrawal said, they should call their insurer. Medicare has a toll-free number where potential cases can be reported, and all calls are taken very seriously, he said. Many times these calls result in a new investigation or add information to one in progress.
Similar steps should be taken if the patient is insured through a private plan. The Federal Trade Commission also investigates medical ID theft and has a hotline and website where complaints can be filed. A police report should also be filed, Dr. Agrawal said.
While Dr. Peters never asked nor wanted to become the poster child for medical identity theft, she has taken her role seriously. She uses every available opportunity to educate other physicians about the risks. She urges more focus on prevention.
Medical ID theft is much more complex than other types of financial or identity theft, Ponemon said.
If you lose your credit card, for example, you can call the bank and they will cancel your current card within seconds and send you a new card with a new number. Use of medical identification isn’t as simple to stop, Ponemon said.
“In the world of health care credentials, if you lose your wallet and your credential is gone and you contact your health [insurer], they may send you a card with the same number on it,” Ponemon said. “They don’t really have these anti-fraud procedures in place.”
The key is for health care organizations to have their own anti-fraud procedures and to be vigilant about using them, he said.
Posted on January 19th, 2011 No comments
The accelerated uptake of electronic health records, the widespread use of smartphones and dramatic advances in telemedicine are among the 2010 healthcare trends cited in a new industry report from staffing firm Jackson & Coker. Forecast in 2011? More RAC audits, deeper Medicare and Medicaid cuts and fierce competition for hospitals
Read the rest here:
Jackson & Coker highlights 2010 healthcare trends, forecasts 2011
Posted on December 27th, 2010 No comments
Registration for the Medicare and Medicaid electronic health records incentive programs opens Jan. 3, the Centers for Medicare & Medicaid Services has announced
Government EHR incentive program ready to go
Posted on October 22nd, 2010 No comments
The Centers for Medicare and Medicaid Services is about to publish a notice to correct inconsistencies in the meaningful use final rule, its top e-health official said, as well as guidance for providers on how to meet quality measures required by the health IT incentive program.
Posted on October 17th, 2010 No comments
HP Enterprise Services has been awarded a task order worth up to $26 million by the Centers for Medicare & Medicaid Services (CMS) to maintain its Integrated Data Repository (IDR) and provide data quality services to improve the accuracy of Medicare payment data. The task order is in support of the agency's administration of the Medicare and Medicaid electronic health records incentive programs created by the HITECH Act.
HP offers data integrity enhancements to CMS
A bill to exclude some lawyers from the Federal Trade Commission’s anti-identity theft “red flag rule” has passed the U.S.
The FDIC wants you to know it’s not writing you. The agency that insures bank deposits warns that someone is sending out e-mails that appear to be from the FDIC asking people to check their insurance coverage
As many as 68,000 members of CalOptima, the Medicaid plan for Orange County, California, may be at risk of identity theft and fraud after several CDs containing their personal information disappeared while in transit, the agency reported.
Read the rest here:
68,000 CalOptima Members at Risk in Data Breach
Posted on July 17th, 2009 No comments
HealthPort, based in Alpharetta, Ga., has announced that Resurrection Health Care of Chicago has signed an agreement to implement the company’s RACPro Basic software, designed to help hospitals with access to records and activity reports needed for the Centers for Medicare and Medicaid Services’ Recovery Audit Contractor initiative.
See the original post here:
Vendor Notebook – HealthPort sells RACPro software to Resurrection Health Care
Posted on July 2nd, 2009 No comments
A class action claims that the Stimulus Act jeopardizes the privacy rights of the 65 percent of Americans who aren’t on Medicaid or Medicare by requiring healthcare providers to create an electronic health record of every person in the United States.
View original post here:
Suit claims Stimulus Act puts privacy in jeopardy