More than anything else, medical identity theft is a quality-of-care issue, contaminating patient records and creating extra work for providers — in addition to short-term havoc wreaked on personal credit reports and government budgets.
With almost daily reports of fraud schemes large and small, and with the nation focused on digitizing health records and reforming health payment and delivery, the time is quite ripe to get proactive on the issue, said California Attorney General Kamala D. Harris, in a report offering advice to providers, payers and policy makers.
Indeed, if not now, when? Medical identity theft prevention and response should be seen as an integral part of reform, noted Harris, a former San Francisco district attorney. And it would probably behoove health organizations to start sooner rather than later, with a few dozen million Americans getting insurance and formally entering the healthcare system.
[See also: The surprising truth about medical ID thieves.]
They also owe it to patients “for whom it is often stressful, complicated, time-consuming and costly just to obtain copies of their medical records let alone to correct inaccuracies in their records resulting from fraud,” Harris said. “Unfortunately, many health care providers do not have adequate means to respond to patient reports of errors in their records.”
One form of medical identify theft accounts for nearly half of all cases, sharing information with a relative or friend assisting a patient in their care — and perhaps surprisingly, in those cases the fraud often involves the perpetrator using the information to actually get healthcare services, according to surveys by the Ponemon Institute.
In large part, Harris said, that type of identity theft is a function of the country’s lack of universal health coverage, and so it should also start declining as coverage is extended under the Affordable Care Act.
Other types of identity theft revolve around so-called “pill mills,” where people with substance abuse problems fraudulently try to accumulate painkillers, in addition to the fraud schemes that would appear to necessitate complex business plans on the part of the perpetrators.
And the way many cases of theft are caught now suggest that some may be going unnoticed.
In one recent instance involving a personal scheme to obtain opiate medications, a Seattle woman received a bill addressed to her infant son from a clinic prescribing OxyContin for a work-related back injury, later finding out that her child’s Social Security number had been stolen.
In a case of provider fraud, a psychiatrist used false diagnoses of drug addiction, depression and other disorders with the records of non-patients to submit false bills to insurers — a scheme discovered when one of the victims noticed that a diagnosis of severe depression, which he never received, was listed in his medical records.
Then there are the massive Medicare and Medicaid fraud schemes, like one in Miami nabbed by federal investigators recently where 25 individuals, including two nurses, allegedly submitted some $44 million in false Medicare bills for unrendered and unnecessary services — and the alleged ring leader spent most of his take on two Lamborghinis, a Ferrari, a Bentley and other luxury cars.
[Not merely stolen: A look at what happens to stolen medical records.]
Harris and many other government prosecutors want to stop seeing so many cases in which money was already spent in the headlines, and while health organizations certainly have a lot on their plate, they should consider some more steps.
In addition to having robust identity theft investigation and remediation protocols, Harris suggests that providers should start doubling down on prevention — incorporating medical identity integrity as a quality-of-care issue into their organizational culture, informing patients of the risks and consequences of identity theft, and considering the use of fraud prevention software, like anomaly detection and suspicious data flagging,
For payers, including public programs that are often targeted in fraud schemes, Harris recommends making it as easy as possible for patients to report errors that might suggest identity theft (which they should be doing in their explanation of benefits). Like providers, they should consider fraud-detection software that can flag suspicious claims, and when an identity theft is confirmed, correcting the information to make sure it doesn’t affect benefits should be as much of a priority as notifying law enforcement.
Harris is also calling on health information organizations and IT companies to build systems that can more easily help providers and insurers prevent, detect and investigate medical identity theft, and on lawmakers and health agencies to help guide that process.
For policymakers such as the Office of the National Coordinator, Harris is urging the development of standards to help the industry offer reliable fraud prevention capabilities in EMR and health software systems. She’s also suggesting that the ONC and HHS consider requiring medical identity theft responses as part of either EMR certification or recommended best practices.
Much as the principle is being adopted in all facets of American health and healthcare, the bottom line in identity theft is prevention. Last year, some 1.84 million Americans were victims of medical identity theft in the U.S. — costing an estimated $12.3 billion.
See also:
3 simple things consumers can do to curtail medical ID theft
