Identity fraud typically conjures thoughts of credit card scams or stolen Social Security numbers. Medical identity fraud is often overlooked, but can be a crime that kills.
On the black market your medical identity can be worth as much as $50 per person versus $1 for a Social Security Number. Imagine the harm that could be caused if a fraudster obtained both for a cost of less than $52. Medical Identity Fraud is gaining momentum and in the next few years you will hear more and more about it, not just from a financial perspective, but from a quality of care perspective as well.
What Is Medical Identity Theft?
Medical identity theft is “the appropriation or misuse of a patient’s or [provider’s] unique medical identifying information to obtain or bill public or private payers for fraudulent medical goods or services,” according to S. Agrawal and P. Budetti in their article, Physician Medical Identity Theft, in the Journal of the American Medical Association.
So medical identity fraud are the fraudulent activities resulting from the theft.
Common medical identity fraud schemes
All providers are at risk for medical identity theft. Criminals typically use two major approaches to bill fraudulent claims with stolen medical identities.
In the first approach, criminals use provider medical identifiers to make it appear as if providers ordered or referred patients for additional health services, such as Durable Medical Equipment (DME), diagnostic testing, or home health services.
In the second approach, criminals use provider medical identifiers to make it appear that a physician provided and billed services directly. On January 5, 2012, a woman in Florida was sentenced to prison for using a New York physician’s medical identifiers from April 2004 through March 2007, to bill services never rendered. She billed the services to a Medicare Part B carrier in New Jersey. The physician did not know the perpetrator, never saw any of the patients, and did not give permission to use his identity.
Potentially deadly implications for quality of care
What if you needed a blood transfusion during a trip to the emergency room; however, you received the wrong type of blood? Your medical history clearly showed that you were AB positive but yet you didn’t receive that type of blood. In the past, you might assume a doctor or nurse made an error. However, in today’s world it could be a result of medical identity theft.
In this example a fraudster, using your medical identifier, could go to the emergency room to get treatment for a real condition they have. By getting treatment, their medical profile now is a part of your record. That is, the fraudster changed your medical history by adding a false diagnosis, blood type and identifier to your record. So the fraudster’s blood type, allergies, diseases, and health conditions, that are not accurately reflecting your health, become a part of your record. This is just one small scenario of what can go wrong, causing a serious quality of care issue. The scenarios are frighteningly endless.
Medical ID theft vs. Financial ID theft
The threat of medical identity theft has increased, in part, because of breaches, including the high-profile, massive attacks on some of the nation's largest health insurance companies.
Hackers stole information on a reported 80 million customers and employees in one such attack. Anytime a healthcare breach occurs, the long term medical identity fraud threat may go on for years before the attempt to commit fraud with the stolen information could occur. Therefore, the true damages of a breach will be hard to truly quantify in the short term.
Until recently, there was not a lot of data to steal from medical records because digitization is a relatively new concept. The Affordable Care Act has put into place digital healthcare record requirements that will only increase the amount of information that is available for the taking.
What makes medical identity fraud particularly tricky is medical facilities and insurance companies often do not have systems in place to alert you to unusual activity, unlike banks and other financial institutions. There also are very few steps in place to verify procedures with the alleged recipient. That is, someone can use your insurance policy for a procedure, yet no one will call to verify the claim in advance. Also, while a bank or credit card will usually refund your money or remove suspicious charges while an incident is investigated, you might immediately find yourself on the hook for a fraudulent medical bill.
Imagine opening your mail one day and having $250,000 in medical bills that you never received. It becomes a tangled mess to alleviate the error and is a burden on insurers and hospitals as you try to determine what actually occurred in your medical past to correct your medical record. This is happening across the United States and will only worsen.
Learning from the Financial Marketplace
The financial marketplace has systems in place to alert you to unusual activity. Chances are that on any given day a transaction that you make has analytics running behind it to make sure the event is a legitimate one.
To tackle medical identity fraud, the wheel doesn’t need to be completely reinvented. Many of the same data analytics used in the financial market place to detect anomalies could be used with a different algorithm to successfully identify medical identity fraud, and following our previous example, prevent the wrong blood type from being administered in the healthcare system. There are hundreds of other applications as well. In sum, analytics can not only help prevent fraud from a traditional cost recovery sense, but it can help ensure the quality of care that is delivered.
This week is International Fraud Awareness Week, which I’ll be celebrating at the SAS-sponsored NHCAA Institute for Health Care Fraud Prevention Annual Training Conference in San Diego. Please come say hello if you are partcipating.
