9/26/2012

1

Medical Identity TheftHealth Care Compliance Association

Clinical Practice Compliance Conference

October 16, 2012Julie K. Taitsman, M.D., J.D.

Chief Medical Officer

Christi Grimm, MPASpecial Assistant to the

Principal Deputy Inspector General

Definition

Medical Identity Theft is the appropriation of a patient’s or provider’s unique medical identifying information with the intent to

misuse this information to bill for or obtain medical goods or services from

public or private payers.

2

9/26/2012

2

Types of Medical Identity Theft

Provider identity stolen to:Authorize or order items or servicesBill insurers for items and services

Beneficiary identity stolen to:Bill insurers for items and services

never renderedBill insurers for items and services

rendered to someone other than the beneficiary

3

How Big Is the Problem?

3,600 cases reported to the FTC in 2009

CMS identified

5,000 compromised Medicare provider numbers (Parts A/B/D)

280,000 compromised beneficiary numbers

Many cases go undetected and unreported

4

9/26/2012

3

Whom Does Medical Identity Theft Hurt?

5

Health insurers Cost for fraudulent claims Resources to develop safeguards

Taxpayers Increased Medicare & Medicaid

expenses Cost to implement

protective/preventive laws & systems

Law enforcement

Beneficiaries Financial liability Service limits Corrupted medical records Compromised care

Providers Professional reputation Financial liability

Incorrect overpayment assessments

Incorrect income tax assessments

Case Study # 1

6

Fraudulent Prescriptions

9/26/2012

4

Case Study # 1Lessons &Tips

Keep track of prescription pads

Educate your patients • Be on the Lookout!

Open lines of communication with pharmacies

7

Case Study # 2

Patient Recruiting

Schemes

8

9/26/2012

5

Case Study # 2Lessons & Tips

Never authorize unnecessary items or services

Perform all necessary exams and testing before authorization

Set internal policies to avoid taking shortcuts

Choose business partners carefully

9

Directly Billing for Services Using Stolen Physician Identity

10

9/26/2012

6

Case Study # 3

Complicit Physician Allows Misuse

of Physician Identity

11

Case Study # 3Lessons &Tips

Maintain accurate medical record documentation

Ensure your records support medical necessity

Only bill and chart for the services provided

If someone else provided a service, don’t bill as if you provided it yourself

Only certify accurate and truthful claims

12

9/26/2012

7

Case Study # 4

Recruited Medical Directors

13

Case Study # 4Lessons &Tips

If it sounds too good to be true, it probably is

Choose business partners carefully

Determine how much time the position will require

Monitor the use of identifiers

14

9/26/2012

8

Consequences to Victimized Physician

Overpayment demand letters

Tax liabilities

Credit issues

Exoneration difficulties

Damaged reputation

15

What Can You Do to Protect Yourself?

Actively manage enrollment information with payers

Monitor billing and compliance processes

Control prescribing authorities and medical identifiers

Choose staff and business partners carefully

16

9/26/2012

9

Consequences to Victimized Beneficiary

Financial liability

Denial of services

Difficulty accessing needed care

Corrupted medical records and compromised care

17

What Can You Do to Protect Your Patients?

Hire and supervise staff carefully

Store medical records and other documents with patient information securely

Use computers and mobile digital devices responsibly

Educate your patients to protect themselves

18

9/26/2012

10

Resource for Patient Education

19

What Can You Advise Your Patients to Do to Protect Themselves?

Guard your card

Only give information to providers you trust

Don’t reveal personal information to strangers

Hang up or walk away

Review all medical bills, summary notices, and explanation of benefit statements

Don’t “share” your card20

9/26/2012

11

Some Risks Are Beyond Your Control

Public access to physician identifiers

Large number of providers with legitimate access to identifiers

Use of Social Security numbers as beneficiaries’ Medicare numbers

21

If You Identify Fraud, What Next?

Report medical identity theft to:

Local law enforcement State Medicaid Agencies (SMA) Federal Trade Commission (FTC) HHS-OIG CMS regional offices

CMS CPI identity remediation process for providers

22

9/26/2012

12

Where Should Beneficiaries Report Identity Theft?

State Medicaid Agency (SMA)Website: http://www.cms.gov/Medicare-Medicaid-Coordination/Fraud-

Prevention/FraudAbuseforConsumers/Downloads/smafraudcontacts.pdf

Federal Trade Commission (FTC)Phone: 1-877-438-4338 (1-877-ID-THEFT)

TTY #: 1-866-653-4261Website: http://www.ftc.gov/bcp/edu/microsites/idtheft/

HHS-OIG HotlinePhone: 1-800-447-8477 (1-800-HHS-TIPS)

TTY #: 1-800-377-4950Fax #: 1-800-223-8164

E-mail: HHSTips@oig.hhs.gov Website: http://oig.hhs.gov/fraud/report-fraud/index.asp

23

CMS CPI Identity Remediation Process for Providers

Proactively identify and help victims by:

Responding to the needs of legitimate providers

Helping to absolve related debts, overpayments, and/or tax obligations

Websites: • https://www.cms.gov/Medicare-Medicaid-Coordination/Fraud-

Prevention/MedicaidIntegrityProgram/downloads/cpiinitiatives.pdf

• http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/MedicareProviderSupEnroll/downloads/ProviderVictimPOCs.pdf

24

9/26/2012

13

HHS-OIG Compliance Guidance

http://oig.hhs.gov/compliance/compliance-guidance/index.asp 25

Questions?

Christi GrimmEmail: christi.grimm@oig.hhs.gov

Phone: (202) 205-0659

Julie TaitsmanEmail: julie.taitsman@oig.hhs.gov

Phone: (202) 619-3189

OIG Website: http://www.oig.hhs.gov

Twitter: @OIGatHHS

26