Posted on December 17th, 2012 No comments
The Federal Trade Commission estimates that as many as nine million Americans have their identity stolen each year. Yes, you read that correctly…nine million and that number is growing!
None of us are truly insulated from the possibility of having our identities stolen unless we refuse to purchase items or pay bills by check or credit card and never venture out of the house to the doctor’s office or other location where our private information may be required. However, for those of us living in community associations, the threat may be even greater, particularly if sensitive information was gathered during the approval process and such information is not destroyed or, at a minimum, safeguarded.
Some but not all associations do run background and even credit checks on potential purchasers and renters in their communities. Often, a social security number, date of birth and enough other information to effectively steal an identity is requested on the application. The association uses this information to presumably undertake its due diligence and determine if the renter or purchaser poses any sort of real or financial threat to the community.
Assuming the association’s governing documents provide the board with the authority to perform such scrutiny, the real concern then becomes what happens with that sensitive information provided by the purchaser or renter? Is it immediately shredded or is it tossed in the garbage where it can possibly be retrieved by an identity thief? If it is not destroyed, where is it stored and who has access to it? Is the information kept under lock and key with only limited access by a defined group of people or is it tossed in a drawer and no further thought given to its existence?
As the identity theft crisis continues to grow, boards and managers who come into contact with sensitive information must start asking the foregoing questions and creating useful protocol to ward off a potential problem. Individuals applying to live in or rent in a community association should inquire about how their personal information will be handled both during the approval process and aftewards.
Victims of identity theft spend countless hours and real dollars trying to clear their credit history and correct their financial resources. Horror stories abound about the steps needed to pick up the pieces in the most drastic identity theft scenarios. As a result, many insurance companies are now offering relatively inexpensive identity theft endorsements to standard homeowners’ and renters’ policies. Homeowners should ask their insurance agents about the benefits of this coverage and the costs. Boards who collect sensitive information should similarly speak to their insurance agents about what they can do to protect themselves and their residents from an identity theft incident.
It’s never too soon to start thinking about ways to protect yourself and your community from this insidious problem.
Posted on October 10th, 2012 No comments
Thousands of Florida Realtors and other professionals with state licenses are being warned of a “very official”-looking identity theft scam that lures potential victims with threats of disciplinary action.
The Florida Department of Business and Professional Regulation, which regulates professions ranging from contractors to cosmetologists, began getting complaints about the scam last week.
Sandi Poreda, communications director for the department, said license holders are getting e-mails that look like they are from the department and claim there are disciplinary actions pending against the recipient. The license holder is directed to call a “department investigator” at a toll-free number where they are asked for personal data such as drivers license information and social security numbers.
“It looks very official,” Poreda said about the e-mail, which is being investigated by the department. “They copied the banner on our website and created an e-mail signature that looks very much like ours.”
While Realtors submitted the initial complaints about the scam, Poreda said the department doesn’t know how people are being targeted and therefore are notifying all of their license holders.
Officials fear the scam could be more effective than a typical e-mail solicitation because the department does contact licenses holders through e-mail about disciplinary issues. But Poreda said an official notice is typically also sent via regular mail.
“It’s important for people to know that this contact is not coming from us,” she said.
Anyone who gets a suspicious warning of disciplinary action from the department is being asked to call 850-487-1395 and report it to law enforcement.
The Federal Trade Commission reported earlier this year that Florida ranked first in the nation last year for the number of identity theft complaints per capita. Georgia followed, with California coming in third.
Florida’s top identity theft complaints came from fraud relating to government documents, such as tax returns, followed by credit card fraud and bank fraud.
Posted on August 31st, 2012 No comments
The sooner medical identity theft is discovered, the more likely damage can be minimized. Physicians, patients, insurers and the government all can help detect it.
When Anne Peters, MD, a Los Angeles-based internist, started receiving phone calls in 2006 from patients who were not hers about medical procedures she didn’t perform or even offer at her practice, she figured out pretty quickly that she had become a victim of medical identity theft.
When Dr. Peters sought advice on how to resolve the situation, she not only came up empty-handed, but she soon started feeling like a criminal herself. She was visited by federal agents, she received notices from the Internal Revenue Service regarding back taxes on $750,000 she never earned, and she was even detained once at the airport for more than an hour when she returned from a trip abroad. Meanwhile, Medicare stopped sending her payments for legitimate claims.
The worst part, she said, was that she couldn’t find anyone to help her figure out what went wrong or how to resolve it. What went wrong was that a sophisticated international crime ring had stolen her medical credentials, set up shop under her name and was illegally bilking Medicare out of hundreds of thousands of dollars.
Six years and countless headaches later, Dr. Peters finally got her name cleared. Because of her experience, Dr. Peters is in demand as a speaker on medical identity theft and helps raise awareness among her colleagues and among federal agents, who have developed programs to help physicians in similar situations.
Medical identity theft is very much on the radar of Medicare and other agencies responsible for investigating identity theft. In recent years, it has become the fastest-growing type of identity theft in the world, according to reports. An estimated 2 million people become victims of identity theft each year. And more than 5,300 physicians have listed themselves in a federal database that tracks medical identity theft. For physicians, the threat is a double whammy.
Only half of U.S. adults have reviewed their medical records, and few have checked for fraud in their record.
There are two types of medical ID theft: the kind that involves a patient’s identity being compromised; and the kind that involves the physician’s professional identifiers being stolen. Both could bring professional or financial harm to physicians.
Problems for physicians could go way beyond the threat of spending more than a year and many thousands of dollars clearing their names when their professional identities are compromised. (A February survey by Ponemon Institute, which studies computer security and identity theft issues, estimates that identity theft victims spend more than $22,000 clearing their names.)
Physicians also face repercussions when their patients’ identities are stolen. Patients report losing trust in their physicians after a medical ID theft has occurred. There is also the potential for medical errors and bad outcomes caused by two patients using the same identity. Physicians also potentially could be subjected to violations of the Health Insurance Portability and Accountability Act if they did not adequately protect the data from being stolen.
Identifying cases of medical ID theft early can help lessen the damage. And it’s easier than one might think to detect it. Many times, the clues are not well-hidden — it’s just that neither physician practices nor patients are connecting the dots.
Physician practices can work with patients, payers, employees and others to help prevent and detect medical ID theft. The biggest key to detection is education, said Shantanu Agrawal, MD, who serves as medical director for the Center for Program Integrity at the Centers for Medicare & Medicaid Services. Many people don’t even know what medical ID theft is, so educating patients on the problem and how to detect it is well worth a physician’s time, he said.
Warning signs for physicians
Dr. Peters’ story was highlighted in a Feb. 1 article in The Journal of the American Medical Association, by Dr. Agrawal and Peter Budetti, MD, JD, that was meant to educate physicians. Dr. Budetti is CMS deputy administrator and director of the agency’s Center for Program Integrity.
Dr. Agrawal said that when physicians receive calls such as the ones Dr. Peters received from patients she knew she never treated, that should be an immediate warning sign.
More than 5,300 physicians have listed themselves in a federal database that tracks medical identity theft.
In addition to educating patients on the importance of reviewing Medicare summary notices and the explanation of benefits documents sent by private insurers, physicians also should review their own Medicare remittance notices to look for services they never performed, or payments they never received. Names that don’t look familiar can be signs that someone is practicing in his or her name, and Medicare should be contacted immediately.
Physicians also can do routine checks of Medicare’s Provider Enrollment, Chain and Ownership System. This will list the practices associated with a physician’s name. If a practice has been set up using the physician’s Medicare identifier, it will show up on that list.
Jeremy Miller, a director at Kroll Advisory Solutions, a security response and mitigation firm, said other warning signs include mailings or phone calls that make reference to corporation filings or businesses under a different name than the actual practice. Other clues are credit reports that show accounts a physician doesn’t recognize.
“Don’t just assume it’s a mistake,” Miller said. “The earlier you capture those kinds of things, the easier it is to get it untangled.”
Physicians also should be aware that many thefts start with employees in the practice, said Bill Fox, senior director of the health care division at LexisNexis Risk Solutions. Some employees have access to passwords or identifiers that could be used to establish a fraudulent practice in the physician’s name. And they have the ability to intercept evidence that the fraud is occurring.
Risks for patients
Even though a large percentage of medical ID thefts that involve a patient using someone else’s insurance credentials to receive care are “Robin Hood” crimes involving willing victims, the consequences still could be devastating to both patients and physicians.
Patients run the risk of receiving improper medical treatment because of someone else’s information being in the medical record and used by physicians to make a treatment decision. And physicians who miss obvious signs that a patient is not who the medical record indicates could be held liable for any harm that was done because of the oversight, said Larry Ponemon, PhD, chair and founder of the Ponemon Institute.
Medical identify theft has become the fastest-growing type of identity theft in the world.
Just as EOB documents are a good way to detect physician medical ID theft, they are also a good way for patients to see whether someone is receiving services using their insurance benefits. But many patients toss these notices aside.
A survey by Harris Interactive conducted on behalf of Nationwide Insurance found that only half of U.S. adults have reviewed their medical records, and only 24% have ever checked for fraud within their records.
It’s well worth a physician’s time to educate patients on the importance of the EOB or Medicare summary notices and how to read them, Dr. Agrawal said.
Practice employees also are a good resource, as they are on the front lines, processing the paperwork of patients who may not be who they say they are. A checklist of things the front desk and physicians can do to thwart identity theft:
- Ask for two pieces of identification. Jorge Rey, information security and compliance director for Kaufman Rossin & Co., an accounting firm in South Florida, said this simple request can be an easy way to sniff out criminals. If the patient has an insurance card but no photo ID, or if a second piece of identification is handed over and it looks fake, or the description doesn’t match the person, consider these as warning signs.
- Ask for a referral source. Rey said simply asking new patients how they heard of the practice can prove beneficial. New patients are generally there because they were referred by another doctor or by a friend. Those referrals, especially ones from other doctors, can be used to establish the person’s identity, if needed.
- Look for inconsistencies in the record. The advancement of health information exchanges will make these crimes harder to pull off, because physicians won’t need prior relationships with patients to know something about them. Having access to patient records from another facility can help physicians identify discrepancies such as dramatic changes in weight or height.
What to do if you suspect something
The first thing physicians should do about potential medical ID theft is to heed the warning signs. If physicians or patients suspect fraud, Dr. Agrawal said, they should call their insurer. Medicare has a toll-free number where potential cases can be reported, and all calls are taken very seriously, he said. Many times these calls result in a new investigation or add information to one in progress.
Similar steps should be taken if the patient is insured through a private plan. The Federal Trade Commission also investigates medical ID theft and has a hotline and website where complaints can be filed. A police report should also be filed, Dr. Agrawal said.
While Dr. Peters never asked nor wanted to become the poster child for medical identity theft, she has taken her role seriously. She uses every available opportunity to educate other physicians about the risks. She urges more focus on prevention.
Medical ID theft is much more complex than other types of financial or identity theft, Ponemon said.
If you lose your credit card, for example, you can call the bank and they will cancel your current card within seconds and send you a new card with a new number. Use of medical identification isn’t as simple to stop, Ponemon said.
“In the world of health care credentials, if you lose your wallet and your credential is gone and you contact your health [insurer], they may send you a card with the same number on it,” Ponemon said. “They don’t really have these anti-fraud procedures in place.”
The key is for health care organizations to have their own anti-fraud procedures and to be vigilant about using them, he said.